Re: sha1sum problem

[Michael Stahl]

On 24.02.2017 16:45, Bryan Quigley wrote:
> I'm going to look at adding the SHA256SUM for all the files in
> download.lst.  It looks like we can add them without breaking
> anything.  Then we can test out how we want to switch or if we need to
> support both for a bit (platform dependent?).

right, and as just discussed on IRC that can even be done without having
to rename all the md5-containing filenames on the server, by adding a
variable for the SHA256SUM and just ignoring the hash contained in the
filename.

> On Fri, Feb 24, 2017 at 10:25 AM, Stephan Bergmann  
> wrote:
>> On 02/24/2017 03:47 PM, Norbert Thiebaud wrote:
>>>
>>> The situation with checksum of 'external' files is much worse that you
>>> thought.
>>> They are actually checked with md5.
>>> That being said they are not truly external, since they are hosted on
>>> the project infrastructure

>>> and the original motivation was not so much malicious injection
>>> detection but faulty transfer.
>>> using sha1 there would actually be an 'improvement' :-)

actually AFAICS the MD5 usage here is not currently a problem.

there are 2 different problems with hash functions, collision attacks
and preimage attacks.

https://en.wikipedia.org/wiki/Preimage_attack

the big news about SHA1 is that somebody successfully performed a
collision attack, where they created 2 files from scratch that have the
same SHA1.

but here we have files that already exist and worry[1] that someone
could create another file with the same hash - that is a preimage attack.

https://en.wikipedia.org/wiki/MD5#Preimage_vulnerability

"In April 2009, a preimage attack against MD5 was published that breaks
MD5's preimage resistance. This attack is only theoretical, with a
computational complexity of 2^123.4 for full preimage."

the SHA1 collision brute-force require 2^80, and less with some clever
mathematical insight, so md5 preimage appears at least 2^43 harder.

still, if somebody wants to implement using a better hash function,
there is no reason to object :)

[1] unless the upstream that creates the tarball is actively malicious,
but in that case we have other problems


___
LibreOffice mailing list
LibreOffice@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice

Re: sha1sum problem

[Norbert Thiebaud]

On Fri, Feb 24, 2017 at 9:45 AM, Bryan Quigley
 wrote:
> I'm going to look at adding the SHA256SUM for all the files in
> download.lst.  It looks like we can add them without breaking
> anything.  Then we can test out how we want to switch or if we need to
> support both for a bit (platform dependent?).

shasum is already present and working on the supported platform
(I checked earlier on mac and windows)
so yeah that should be doable pretty much transparently.

Supporting a mix of method would be more painful and really not that
useful I think.

Norbert
___
LibreOffice mailing list
LibreOffice@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice

Re: sha1sum problem

[Bryan Quigley]

I'm going to look at adding the SHA256SUM for all the files in
download.lst.  It looks like we can add them without breaking
anything.  Then we can test out how we want to switch or if we need to
support both for a bit (platform dependent?).

Thoughts?
Bryan

(Of course, technically my SHA256SUMs will be based on the existing
HTTP download and MD5SUM...)


On Fri, Feb 24, 2017 at 10:25 AM, Stephan Bergmann  wrote:
> On 02/24/2017 03:47 PM, Norbert Thiebaud wrote:
>>
>> The situation with checksum of 'external' files is much worse that you
>> thought.
>> They are actually checked with md5.
>> That being said they are not truly external, since they are hosted on
>> the project infrastructure
>
>
> ...but downloaded via plain HTTP
>
>> and the original motivation was not so much malicious injection
>> detection but faulty transfer.
>> using sha1 there would actually be an 'improvement' :-)
>>
>> I guess we could convert that to shasum -a 256
>
>
> ___
> LibreOffice mailing list
> LibreOffice@lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/libreoffice
___
LibreOffice mailing list
LibreOffice@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice

Re: sha1sum problem

[Norbert Thiebaud]

On Fri, Feb 24, 2017 at 9:25 AM, Stephan Bergmann  wrote:
> On 02/24/2017 03:47 PM, Norbert Thiebaud wrote:
>>
>> The situation with checksum of 'external' files is much worse that you
>> thought.
>> They are actually checked with md5.
>> That being said they are not truly external, since they are hosted on
>> the project infrastructure
>
>
> ...but downloaded via plain HTTP

guilhem is fixing that on all our web services.
___
LibreOffice mailing list
LibreOffice@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice

Re: sha1sum problem

[Stephan Bergmann]

On 02/24/2017 03:47 PM, Norbert Thiebaud wrote:

The situation with checksum of 'external' files is much worse that you thought.
They are actually checked with md5.
That being said they are not truly external, since they are hosted on
the project infrastructure


...but downloaded via plain HTTP


and the original motivation was not so much malicious injection
detection but faulty transfer.
using sha1 there would actually be an 'improvement' :-)

I guess we could convert that to shasum -a 256


___
LibreOffice mailing list
LibreOffice@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice

Re: sha1sum problem

[Norbert Thiebaud]

On Fri, Feb 24, 2017 at 8:03 AM, Necdet Yücel  wrote:
> 2017-02-24 16:42 GMT+03:00 Norbert Thiebaud :
>>
>> On Fri, Feb 24, 2017 at 5:13 AM, Necdet Yücel 
>> wrote:
>> > Hi,
>> >
>> > in configure script file integrity is checked by using sha1sums.
>>
>> You are sure about that ? or you just did a quick git grep sha1sum and
>> went from there ?
>
>
> i saw SHA1SUM="openssl sha1" in configure script and wrote here. If it's ok
> for LO, then it's ok for me too. Sorry for inconvenience

This instance of sha1sum usage is in a test intended to detect a bug
in gmake. the input being sha-ed
are generated during the test.. this is not suceptible attacks, and
even it it was the consequences would be to
not detect a buggy gmake and have the build fail possibly later.

The situation with checksum of 'external' files is much worse that you thought.
They are actually checked with md5.
That being said they are not truly external, since they are hosted on
the project infrastructure
and the original motivation was not so much malicious injection
detection but faulty transfer.
using sha1 there would actually be an 'improvement' :-)

I guess we could convert that to shasum -a 256

Note though that the binaries published by tdf for download come with
a variety of hashes to verify against
http://download.documentfoundation.org/libreoffice/stable/5.3.0/mac/x86_64/LibreOffice_5.3.0_MacOS_x86-64.dmg.mirrorlist
including a pgp signature
___
LibreOffice mailing list
LibreOffice@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice

Re: sha1sum problem

[Necdet Yücel]

2017-02-24 16:42 GMT+03:00 Norbert Thiebaud :

> On Fri, Feb 24, 2017 at 5:13 AM, Necdet Yücel 
> wrote:
> > Hi,
> >
> > in configure script file integrity is checked by using sha1sums.
>
> You are sure about that ? or you just did a quick git grep sha1sum and
> went from there ?
>

i saw SHA1SUM="openssl sha1" in configure script and wrote here. If it's ok
for LO, then it's ok for me too. Sorry for inconvenience

regards
___
LibreOffice mailing list
LibreOffice@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice

Re: sha1sum problem

[Norbert Thiebaud]

On Fri, Feb 24, 2017 at 5:13 AM, Necdet Yücel  wrote:
> Hi,
>
> in configure script file integrity is checked by using sha1sums.

You are sure about that ? or you just did a quick git grep sha1sum and
went from there ?


Norbert
___
LibreOffice mailing list
LibreOffice@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice

Re: sha1sum problem

[Necdet Yücel]

Hi,

in configure script file integrity is checked by using sha1sums.


---
Necdet Yücel
http://about.me/nyucel

2017-02-24 4:18 GMT+03:00 Norbert Thiebaud :

> On Thu, Feb 23, 2017 at 10:54 AM, Necdet Yücel 
> wrote:
> > Hi,
> >
> > Since SHA1 has been broken in practice [1] maybe we should consider to
> move
> > to safer alteratives, such as SHA-256.
>
> What are you talking about ? (yes I read the news this morning too,
> but what concretely are you talking about in the context of this
> project ? )
>
> Norbert
>
___
LibreOffice mailing list
LibreOffice@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice

Re: sha1sum problem

[Norbert Thiebaud]

On Thu, Feb 23, 2017 at 10:54 AM, Necdet Yücel  wrote:
> Hi,
>
> Since SHA1 has been broken in practice [1] maybe we should consider to move
> to safer alteratives, such as SHA-256.

What are you talking about ? (yes I read the news this morning too,
but what concretely are you talking about in the context of this
project ? )

Norbert
___
LibreOffice mailing list
LibreOffice@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice

sha1sum problem

[Necdet Yücel]

Hi,

Since SHA1 has been broken in practice [1] maybe we should consider to move
to safer alteratives, such as SHA-256.

Best regards

[1] http://shattered.it/

---
Necdet Yücel
http://about.me/nyucel
___
LibreOffice mailing list
LibreOffice@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice