2012/5/25, David Anderson <[email protected]>:
> On 25-May-2012 5:22 AM, TarotApprentice wrote:
>> Do we have any plans to switch from MD5 checksums any time in the near
>> future?
>
> Not at this point.
> As far as I can tell, the collision vulnerabilities of MD5
> (see http://en.wikipedia.org/wiki/MD5)
> can't be used to break BOINC's code-signing mechanism.
> (If this is wrong, please let me know ASAP).
I can't claim to know much about crypto, but from what I saw on Wikipedia, we're totally safe with respect to the code signing. Most MD5 vulnerabilities are about collision attacks, which let you create two pieces of data with the same hash. To break BOINC's code-signing mechanism, you would need a preimage attack, which is to create a file with the same hash as another file that already exists and that you can't change (the valid signed file). There is only a theoretical preimage attack for MD5 that reduces the complexity from the ideal 2^128 to 2^123.4. Generating a file with the same MD5 hash as a valid science app is thus nearly impossible, let alone generating such a file that is also a valid executable with malicious code.

A friend who has a clue just told me "Your software will never be so secure that the easiest means of attack comes down to the hashing algorithm".

-- 
Nicolás
_______________________________________________
boinc_dev mailing list
[email protected]
http://lists.ssl.berkeley.edu/mailman/listinfo/boinc_dev
To unsubscribe, visit the above URL and
(near bottom of page) enter your email address.
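An added example, written for this page and not taken from the thread or from BOINC's own code, that makes the two attack models discussed above concrete. It models a hash-then-sign check of the kind described (the verifier recomputes the digest of the delivered file and checks the signature on that digest), with two toy assumptions so that both searches finish in seconds: MD5 is truncated to 18 bits, and an HMAC over the digest stands in for the project's real signature primitive. With the full 128-bit digest the second-preimage search below is the 2^128-scale work the message refers to, while the collision search is a 2^64 birthday search generically and far cheaper with the published MD5 collision attacks. The point the example shows is which attacker model each search corresponds to: reusing a signature on a file the attacker did not get to choose needs a second preimage, whereas a collision only helps if the attacker can also get the benign half of the pair signed. All keys and file contents are constructed demo values.

```python
import hashlib
import hmac

# Toy parameter: MD5 is 128 bits; truncating to 18 bits makes the brute-force
# searches below finish in seconds. Assumption for illustration only.
TRUNC_BITS = 18

# Constructed demo inputs (not real BOINC files or keys).
SIGNING_KEY = b"project-signing-key-demo"
SCIENCE_APP = b"science_app v1.0 (constructed stand-in for a signed binary)"


def trunc_md5(data: bytes) -> int:
    """MD5 truncated to TRUNC_BITS, used in place of the full digest."""
    full = int.from_bytes(hashlib.md5(data).digest(), "big")
    return full >> (128 - TRUNC_BITS)


def sign(key: bytes, data: bytes) -> bytes:
    """Hash-then-sign: only the digest is authenticated. HMAC-SHA256 over the
    digest stands in for the project's real signature primitive (assumption)."""
    digest = trunc_md5(data).to_bytes(16, "big")
    return hmac.new(key, digest, "sha256").digest()


def verify(key: bytes, data: bytes, sig: bytes) -> bool:
    """Verifier recomputes the digest of the delivered file and checks it."""
    return hmac.compare_digest(sign(key, data), sig)


def second_preimage(target: bytes):
    """Attacker model 1: the signed file is fixed. Find a different input with
    the same digest. Expected cost ~2**TRUNC_BITS trials (2**128 for full MD5)."""
    want = trunc_md5(target)
    trials = 0
    while True:
        cand = b"malicious-" + str(trials).encode()
        trials += 1
        if cand != target and trunc_md5(cand) == want:
            return cand, trials


def collision():
    """Attacker model 2: the attacker chooses both inputs. Birthday search,
    expected cost ~2**(TRUNC_BITS/2) trials (2**64 generically for MD5, and far
    less with the known structural attacks)."""
    seen = {}
    trials = 0
    while True:
        cand = b"candidate-" + str(trials).encode()
        trials += 1
        d = trunc_md5(cand)
        if d in seen:
            return seen[d], cand, trials  # (benign half, other half, trials)
        seen[d] = cand


def forge_without_choosing_input():
    """Signature on SCIENCE_APP is reused on a second preimage the attacker built."""
    sig = sign(SIGNING_KEY, SCIENCE_APP)
    evil, trials = second_preimage(SCIENCE_APP)
    return verify(SIGNING_KEY, evil, sig), trials


def forge_by_submitting_benign_half():
    """Attacker gets the benign half of a colliding pair signed, then ships
    the other half; the signature covers only the shared digest."""
    benign, evil, trials = collision()
    sig = sign(SIGNING_KEY, benign)  # the project signs what it was given
    return verify(SIGNING_KEY, evil, sig), trials


if __name__ == "__main__":
    ok1, t1 = forge_without_choosing_input()
    ok2, t2 = forge_by_submitting_benign_half()
    print(f"second preimage: forged={ok1} after {t1} trials")
    print(f"collision:       forged={ok2} after {t2} trials")
```

Run it and compare the two trial counts: the second-preimage search sits near 2^18 while the collision search sits near 2^9, and raising TRUNC_BITS widens the gap by the same square-root factor that separates 2^128 from 2^64 for the real digest. Both forgeries succeed here only because the digest is truncated; the structural difference between the two searches is what the message's argument rests on.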
