Re: Foiling MITM attacks on source and ports trees

Sat, 03 Jan 2009 04:46:49 -0800 

RW wrote:

On Fri, 02 Jan 2009 17:30:12 +0000
Vincent Hoffman <[email protected]> wrote:

Admittedly this doesn't give a file by file checksum


That's not really a problem, it's no easier to create a collision

in a .gz file than a patch file. 


The more substantial weakness is that the key is verified against a
hash stored on the original installation media. If someone went to the
trouble of diverting dns or routing to create a fake FreeBSD site they
would presumably make it self-consistent down to the ISO checksums.


Yes.  Anyone can generate checksums.  The standard method of getting round
this problem is to cryptographically sign the (lists of) checksums using
some form of public/private key pair.

Unless designed carefully, there will be substantial logistical problems to
maintaining such lists of signatures.  The least laborious mechanism I can
think of would be this: an SSL secured web site using a key+cert signed by
a trusted CA[*].  This site would have privileged access to the master 
repositories
and would run a fairly simple CGI where supplying the location of a file from
a checked out copy of a repo, plus version number information and whatever
else is necessary to uniquely identify the specific file in question would
be answered with a list of checksums (MD5, SHA1, SHA265 etc.) of that file.
Obviously, this will require substantial caching of previously calculated

checksums simply for performance.  


As an end user, you check out sources etc. from whatever of the mirrors is
most suitable.  You can then verify the correctness of what's on your disk
by comparing a locally generated checksum with what you can download via a
trusted channel from the checksum server.  Since the checksum server is only
accessible via HTTPS and has a trusted certificate it should not be possible
to spoof.  Traffic levels should be relatively small compared to the main
distribution channels.  Even so, because of the SSL requirement it's going to
take a substantial piece of kit to provide this checksumming service at a
decent performance level,  especially when there are recent new releases.

        Cheers,

        Matthew

[*] Buying a high security cert from the likes of Verisign or OpenSRS would
set you back about £800 p.a. and it would probably be necessary to use someone
like the FreeBSD Foundation as an appropriate body to own the cert.

--
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                 Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                 Kent, CT11 9PW




Attachment:
signature.asc

Description: OpenPGP digital signature






















					Reply via email to