Re: Upcoming stable point release (7.6)
On Wed, 2014-06-11 at 20:07 +0100, Adam D. Barratt wrote:
> The next point release for wheezy (7.6) is scheduled for Saturday, July 12th. Stable NEW will be frozen during the preceding weekend.

The archive side of the point release has now finished and packages should start appearing on mirrors in the next couple of hours.

Regards,

Adam

-- 
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/1405163931.24592.8.ca...@jacala.jungle.funky-badger.org
Re: concrete steps for improving apt downloading security and privacy
On Mon, Jul 07, 2014 at 08:09:14PM +0900, Joel Rees wrote:
> But again, that's only half the story. When you send a kernel image encrypted, they have the plaintext and the crypt, and the thing is large and hard. This is the kind of data that can be used to completely break an entire encryption algorithm.

When you say "break an entire encryption algorithm", do you mean find the key or really break the whole algorithm?

If you mean break the whole algorithm and gain the ability to convert ciphertexts to plaintexts no matter what key was used, please consider that they could just encrypt a lot of data with random keys themselves instead of collecting it from the internet.

If you mean find the key: So what? You're talking about session keys used in the TLS connection, right? Even if there was the kind of attack you're thinking about, it would only allow an attacker to gain access to the connection that he would be able to MITM anyway without the TLS layer.
Re: concrete steps for improving apt downloading security and privacy
On Sun, Jul 13, 2014 at 5:04 AM, Jann Horn j...@thejh.net wrote:
> On Mon, Jul 07, 2014 at 08:09:14PM +0900, Joel Rees wrote:
>> But again, that's only half the story. When you send a kernel image encrypted, they have the plaintext and the crypt, and the thing is large and hard. This is the kind of data that can be used to completely break an entire encryption algorithm.
>
> When you say "break an entire encryption algorithm", do you mean find the key or really break the whole algorithm?

Both, of course.

> If you mean break the whole algorithm and gain the ability to convert ciphertexts to plaintexts no matter what key was used, please consider that they could just encrypt a lot of data with random keys themselves instead of collecting it from the internet.
>
> If you mean find the key: So what? You're talking about session keys used in the TLS connection, right? Even if there was the kind of attack you're thinking about, it would only allow an attacker to gain access to the connection that he would be able to MITM anyway without the TLS layer.

What are the encryption methods that underlie the current implementations of TLS? What were the previous methods? Why did they have to be changed? What did the research that induced the change use in getting the results they got? Have the researchers given up? No? What kinds of data do they use?

Note that we still don't have a publicly known general attack against MD5 encryption for arbitrary plaintexts. MD5 has been broken for a small number of applications. Its status is questionable for the rest, but if we want to help break it completely, let's get all the distros that insist on still using MD5 to use it, not just for signing, but for encrypting their distribution images.

I'm not talking about suddenly facing the end of the world as we know it tomorrow. I'm talking about choosing to push the time when we have to shift encryption methods again a few years forward by casually providing more data for research.
-- 
Joel Rees

Be careful where you see conspiracy.
Look first in your own heart.

Archive: https://lists.debian.org/CAAr43iN=fguxegEdr16jr37tuE8osHDDPRdHZicDfZU=dyp...@mail.gmail.com
Re: concrete steps for improving apt downloading security and privacy
On Sun, Jul 13, 2014 at 08:35:56AM +0900, Joel Rees wrote:
> MD5 has been broken for a small number of applications. Its status is questionable for the rest, but if we want to help break it completely, let's get all the distros that insist on still using MD5 to use it, not just for signing, but for encrypting their distribution images.

The point that you miss is that a chosen plaintext attack is not dependent on the secret key in use. It's an attack against the algorithm itself.

If we sign publicly available data (be it Debian packages, CD images, or this email) with a given key, we really aren't giving our adversaries anything that they can't create for themselves. Keys are cheap to generate. If an adversary wants to perform chosen plaintext analysis, they can do so today with their own keys and with all the common public datasets they want. Getting all the distros that insist on still using MD5 to use it, "not just for signing, but for encrypting their distribution images", won't change anything. (Not to mention that it shows a fundamental misunderstanding of what a digest algorithm like md5 actually is.)

noah
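The exchange above turns on three things that get conflated: a digest (keyless), a signature over public data (the message is public, only the private key is secret) and encryption (the plaintext is what is hidden). The following Go program is an added illustration of Noah's point and is not code from the list thread, from Debian or from apt. It shows that an adversary can manufacture, offline and with keys of their own, every kind of sample the thread worries about handing out: the MD5 of public bytes, which involves no key at all; a signature over those bytes under a freshly generated key pair; and as many (key, plaintext, ciphertext) triples as they like under random AES-256-GCM keys, which is exactly the "encrypt a lot of data with random keys themselves" that Jann describes. The metadata text, the function names and the choice of Ed25519 and AES-GCM as stand-ins for whatever primitives a real archive or TLS session would use are all assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/md5"
	"crypto/rand"
	"encoding/hex"
	"fmt"
)

// publicMetadata is a constructed stand-in for public archive metadata. It is
// not a real Debian Release file; the only property that matters here is that
// anyone, including an adversary, already has these exact bytes.
const publicMetadata = "Origin: Example\nLabel: Example\nSuite: stable\nCodename: wheezy\nArchitectures: amd64\nComponents: main\n"

// KeylessDigest returns the hex MD5 of data. No key enters the computation:
// the archive, a mirror, a user and an attacker all obtain the identical
// value from the identical bytes. A digest is not a cipher and has nothing
// to "leak" about any key.
func KeylessDigest(data []byte) string {
	sum := md5.Sum(data)
	return hex.EncodeToString(sum[:])
}

// SelfSignedSample is a (public key, message, signature) triple that an
// adversary can produce at will with a key pair of their own.
type SelfSignedSample struct {
	PublicKey ed25519.PublicKey
	Message   []byte
	Signature []byte
}

// SelfSign generates a fresh Ed25519 key pair (assumed here as the signature
// scheme) and signs message with it. The result is the same kind of
// (public data, signature) material the thread worries about, obtained
// without access to any archive key.
func SelfSign(message []byte) (SelfSignedSample, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return SelfSignedSample{}, err
	}
	return SelfSignedSample{PublicKey: pub, Message: message, Signature: ed25519.Sign(priv, message)}, nil
}

// Verify checks a sample against the public key it was signed with.
func Verify(s SelfSignedSample) bool {
	return ed25519.Verify(s.PublicKey, s.Message, s.Signature)
}

// KnownPlaintextPair is one (key, nonce, ciphertext) triple over a plaintext
// the holder already knows.
type KnownPlaintextPair struct {
	Key, Nonce, Ciphertext []byte
}

// ManufacturePairs encrypts the same public plaintext under n freshly
// generated random AES-256 keys with AES-GCM (assumed as the cipher). A
// known- or chosen-plaintext attacker does this locally, with unlimited
// plaintexts of their choosing, so an encrypted kernel image seen on the
// wire adds nothing they could not already produce.
func ManufacturePairs(plaintext []byte, n int) ([]KnownPlaintextPair, error) {
	pairs := make([]KnownPlaintextPair, 0, n)
	for i := 0; i < n; i++ {
		key := make([]byte, 32)
		if _, err := rand.Read(key); err != nil {
			return nil, err
		}
		aead, err := newGCM(key)
		if err != nil {
			return nil, err
		}
		nonce := make([]byte, aead.NonceSize())
		if _, err := rand.Read(nonce); err != nil {
			return nil, err
		}
		pairs = append(pairs, KnownPlaintextPair{
			Key:        key,
			Nonce:      nonce,
			Ciphertext: aead.Seal(nil, nonce, plaintext, nil),
		})
	}
	return pairs, nil
}

// Decrypt recovers the plaintext from a pair, confirming that the triple is
// a genuine (key, plaintext, ciphertext) sample.
func Decrypt(p KnownPlaintextPair) ([]byte, error) {
	aead, err := newGCM(p.Key)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, p.Nonce, p.Ciphertext, nil)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	data := []byte(publicMetadata)
	fmt.Println("MD5 of public bytes (no key involved):", KeylessDigest(data))

	s, err := SelfSign(data)
	if err != nil {
		panic(err)
	}
	fmt.Println("signature under my own key verifies:", Verify(s))

	pairs, err := ManufacturePairs(data, 3)
	if err != nil {
		panic(err)
	}
	for i, p := range pairs {
		fmt.Printf("pair %d: key prefix %x, ciphertext %d bytes\n", i, p.Key[:4], len(p.Ciphertext))
	}
}
```

Each run yields a different set of keys, signatures and ciphertexts over the same fixed public input, while the MD5 never changes because nothing secret feeds into it. That is the asymmetry Noah is pointing at: the signed or encrypted public artifacts a distro ships are a strict subset of what any adversary can generate for themselves in a loop.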