X-Recipient: archive-cygwin@delorie.com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:content-type:content-transfer-encoding
	:mime-version:from:reply-to:to:subject:date:in-reply-to
	:message-id; q=dns; s=default; b=MgGtsm0GzGFs7ysZ7+oI1y+aToffTHm
	wPKoWkZRMshdZlKjpRnDUoNk+AHOgublkBdRRUppI+ACg3yMJLfpdjtMb5Fd7b/g
	5J331EQKxi9YldNImJ8KNIsAmFbDmOwwiZGtypQVzpMGQJm5SQ+tCrdByvtIh3Dk
	jlvAbW9zua0E=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:content-type:content-transfer-encoding
	:mime-version:from:reply-to:to:subject:date:in-reply-to
	:message-id; s=default; bh=0J8DOopeup1C5AgqasY5+znwj3k=; b=Zlmwk
	dbgA0dIWHtVOwO619E1p8uyKO+jiy273i3f7Qj+ySA+ZljAXEiRI/DHpP9fAErYC
	kN4axfjBPxZExDGa+PmBau8IgHVs9LskSPVcpqP1AUCClsCY3UJWFkxZPvkSYaQ8
	a4fw36xyx9LJAhAZLlm9uLl7iYx8K77QSRxLqA=
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Delivered-To: mailing list cygwin@cygwin.com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-1.6 required=5.0 tests=AWL,BAYES_00,SPF_PASS,UNPARSEABLE_RELAY autolearn=ham version=3.3.2
X-HELO: aibo.runbox.com
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
MIME-Version: 1.0
From: "David A. Wheeler" <dwheeler@dwheeler.com>
Reply-To: dwheeler@dwheeler.com
To: "cygwin" <cygwin@cygwin.com>, "Stromeko" <Stromeko@nexgo.de>
Subject: Re: How Cygwin counters man-in-the-middle (MITM) attacks
Date: Mon, 09 Mar 2015 11:34:15 -0400 (EDT)
In-Reply-To: <874mpvqnoh.fsf@Rainer.invalid>
Message-Id: <E1YUzh9-0001y1-J6@rmm6prod02.runbox.com>
X-IsSubscribed: yes
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by delorie.com id t29FYckX013379

On Sun, 08 Mar 2015 20:44:30 +0100, Achim Gratz <Stromeko@nexgo.de> wrote:
> Setup.ini also records the file size, so a successful attack would need
> to pack a malicous payload into a valid archive of the same size and the
> same MD5 checksum.  I think that is a much taller order than simply
> creating a hash collision.

That is harder, but I wouldn't trust it.

In 2004 it was shown that MD5 is not collision resistant, and the attacks just keep getting worse.  A quick check at the Wikipedia page about MD5 shows the sorry state of MD5.  The Software Engineering Institute (SEI) puts it pretty baldly: MD5 "should be considered cryptographically broken and unsuitable for further use".  You want to use known-strong crypto, not known-busted crypto.

Besides, there are easily-available, much-stronger alternatives, in particular SHA-2 (SHA-512 is part of SHA-2). It's already supported in the current Cygwin installer.

I recommend that Cygwin switch to SHA-512 soon.  It'll require that everyone update their installer to do future updates, but the installer download has been secured.  Then Cygwin can include in their FAQ a reasonable justification that its download and update process is secure.

--- David A. Wheeler

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple