On Thursday 23 June 2005 17:41, Paweł 'Róża' Różański wrote: > > But first, they're [MD5 checksums] put there to check if the file was > downloaded > correctly, not to check, if it's unchanged.
Eh? A complete but incorrectly copied file is very improbable, unless the software is broken - TCP provides plenty of safeguards against data corruption in transit. As far as I'm concerned the purpose of providing checksums is to verify that the file downloaded has not been tampered with. Otherwise why go to the bother of using MD5 - CRC32 is plenty good enough for a quick practical check that two files which are supposed to be identical really are. > Second, changing zip's md5 > shouldn't be so easy, because one has got to find content, that has > specified md5 sum after being ziped (zip has its own checksum, so I > belive it's impossible to change just a few bytes of zip archive). The internal checksums in zip format file are either CRC16 or CRC32 which are almost trivial to forge, given the amount of computer power required to create a MD5 or SHA-1 hash collision. (Zip was invented before MD5 or SHA-1 and requires to maintain backward compatibility). CRC16/32 are reasonable for checking subfile integrity but are no safeguard at all against deliberate tampering. If I wanted to forge a MD5 checksum on a subfile contained in a zip archive, I'd simply alter the subfile and rebuild the archive adding an extra subfile whose contents I could vary at will to achieve the required MD5 checksum of the whole archive. > > > SHA-256 & SHA-512 are being talked about as possible replacements. Maybe > > they might survive realistic attacks for few years. > > Unless they're put on the same FTP site as the changed archive. ;-) Obviously. There's very little point in comparing checksums if there is a chance that the published checksums could be replaced at least as easily as the files themselves could be tampered with. > > > My principal safeguard against possible compromise of downloaded mprime > > executables is to run them chrooted, as a special user with a small disk > > quota and very, very few priveleges. > > Would you be so nice and share your solution? With all stuff, > autostarting, quota, priveleges and so on... TIA Windows, not a clue. linux/unix, quota, priveleges etc. are straightforward. And the client can be started by tapping into the system startup scripts. There is so much here which is system dependent that I wouldn't care to give a recipe - if you understand system administration you already know how to do the job, and if you don't you probably shouldn't be fiddling. Regards Brian Beesley _______________________________________________ Prime mailing list [email protected] http://hogranch.com/mailman/listinfo/prime
