> Yes, as a matter of fact I read this on Slashdot earlier today. Very shaky stuff, considering not only most of the internet distribution centers use MD5 to verify data (mostly open source files, linux, etc.) but UNIX and Linux also use MD5 in password data files (unless shadowing is in place). Of course, MD5 is not broken completely (aside from rumors claiming so) but it could happen.
As of last week, MD5 was not broken completely. However there is a new result that was announced last night, which seriously trashes MD5. Early results indicate we can consider it broken. SHA-0 is also wobbly, and SHA-1 will now have a rating of "migrate from" rather than "use without caring."
http://www.financialcryptography.com/mt/archives/000199.html has links if you want to read the papers.
> If you know of stronger hashes, please post their websites here.
SHA-256, SHA-512 are the current "best options". I'd be surprised if they weren't already coded into NSS (?).
> Also, the downloading in mozilla should have a modular functionality (extensions in firefox). This way, even if the MD5 auto checker is created for right now, a new one could just as easily be implemented as well. Thanks.
As everyone is still publishing the MD5 hash, then I'd suggest that the download auto checker provide the MD5 hash as the default and also offer options in the others above. One day, the default can change.
But, even if MD5 is broken, this is no reason not to add the auto-checker. It's still a very valuable security feature. Downloaded files are rarely attacked, and adding a distributed checksum as a user end-to-end check just makes it lots harder to attack. It pretty much eliminates the class of attack.
For anyone who seriously is threatened with an attacker that would go to the trouble of hacking a download *and* crunching a forged message digest, *and* inserting that into the user's posts/website views/etc ... well, that person should know that they have to take extra precautions like switching hashes or secure delivery. Such an attack is well outside the remit of "ordinary user" as per the Mozilla mission.
iang

_______________________________________________
mozilla-crypto mailing list
http://mail.mozilla.org/listinfo/mozilla-crypto
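An added example, not from the thread or from Mozilla's code: a download verifier of the kind discussed above, which keeps MD5 usable as the fallback when that is all a publisher lists, prefers a stronger digest whenever one is offered, and attaches the thread's rating so the user can see how much weight a match carries. Algorithm names are hashlib's; the `published` dict format standing in for sidecar digest files is an assumption.

```python
import hashlib
import hmac

# Strongest first. Ratings follow the thread: SHA-256/512 are the current
# best options, SHA-1 is now "migrate from", MD5 is considered broken.
ALGORITHM_PREFERENCE = ["sha512", "sha256", "sha1", "md5"]
RATING = {"sha512": "use", "sha256": "use", "sha1": "migrate from", "md5": "broken"}


def compute_digest(data: bytes, algorithm: str) -> str:
    """Hex digest of data under a named algorithm (hashlib names)."""
    return hashlib.new(algorithm, data).hexdigest()


def choose_algorithm(published: dict):
    """Pick the strongest algorithm the publisher actually lists.

    This is the modular piece: most publishers still ship only MD5, so MD5
    stays usable as the default, but anything stronger is preferred when
    offered, and the default changes just by editing the list above.
    """
    for name in ALGORITHM_PREFERENCE:
        if name in published:
            return name
    return None


def verify_download(data: bytes, published: dict) -> dict:
    """Verify downloaded bytes against publisher-supplied digests.

    `published` maps algorithm name -> hex digest (assumed format, e.g. read
    from a .md5 or .sha256 file beside the download). Returns which algorithm
    was used, whether it matched, and the rating of that algorithm.
    """
    algorithm = choose_algorithm(published)
    if algorithm is None:
        return {"algorithm": None, "match": False, "rating": "unverified"}
    actual = compute_digest(data, algorithm)
    expected = published[algorithm].strip().lower()
    # Constant-time compare; the result is the same, it just avoids a timing side channel.
    match = hmac.compare_digest(actual, expected)
    return {"algorithm": algorithm, "match": match, "rating": RATING[algorithm]}


if __name__ == "__main__":
    # Constructed sample: stand-in for a downloaded file and its sidecar digests.
    blob = b"constructed sample release bytes\n"
    sidecar = {"md5": compute_digest(blob, "md5"), "sha256": compute_digest(blob, "sha256")}
    print(verify_download(blob, sidecar))                  # uses sha256, rating "use"
    print(verify_download(blob, {"md5": sidecar["md5"]}))  # falls back to md5, rating "broken"
```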
