ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Last Call: <draft-turner-md5-seccon-update-07.txt> (Updated

2010-12-28 10:18:27
from [Martin Rex] [Permanent Link] 
Sam Hartman wrote:


I'm OK with this text.  I tried to come up with a way to briefly discuss
how error detection is very related to things like protecting against
substitution of content (the internet mirror case) but failed to come up
with something brief.
So, I'm fine with what you have.


The use of MD5 _is_ a security problem in integrity protection scenarios.

When used for checksums when mirroring sites, a "contributor" could
precompute a collision for a file he contributed in order to perform
an MITM attack on specific downloads (substituting a trojaned package
with the same md5sum into the download while leaving the file on the
Download servers clean.

-Martin
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Last Call: <draft-arkko-ipv6-transition-guidelines-08.txt> (Guidelines for Using IPv6 Transition Mechanisms during IPv6 Deployment) to Informational RFC, Jari Arkko
Next by Date:  Re: Automatically updated Table of Contents with Nroff, Martin Rex
Previous by Thread:  Re: Last Call: <draft-turner-md5-seccon-update-07.txt> (Updated Security Considerations for the MD5 Message-Digest and the HMAC-MD5 Algorithms) to Informational RFC, Sam Hartman
Next by Thread:  Re: Last Call: <draft-kucherawy-authres-vbr-01.txt> (Authentication-Results Registration For Vouch By Reference Results) to Proposed Standard, Jay Gopalakrishnan
Indexes:  [Date] [Thread] [Top] [All Lists]