Please start using SHA-256 checksums

Posted: Tue 31 Oct 2017, 12:18
by pcalvert
I just noticed that MD5 checksums are still being used for Puppy ISO files that are available for download. MD5 is now considered to be insecure. Please use SHA-256 instead. Thank you. :)

Phil

Posted: Tue 31 Oct 2017, 16:47
by Flash
I think most Puppies come with the ability to calculate MD5 checksums but not SHA-256 ones. Am I wrong?

Re: Please start using SHA-256 checksums

Posted: Tue 31 Oct 2017, 17:22
by belham2
pcalvert wrote: I just noticed that MD5 checksums are still being used for Puppy ISO files that are available for download. MD5 is now considered to be insecure. Please use SHA-256 instead. Thank you. :)

Phil

pcalvert,

I've written about this before, but I am always banging my head against the table because people do not understand what md5/sha sums do.

All md5/sha1/256/512 and every other checksum out there ONLY provide a file integrity check. They have nothing to do with security. Do not confuse the two.

If you want security, then one of two (preferably both) things need to happen:

1) developers/maintainers start using gnupg, get themselves a gpg key, get it up in the key repos, and start making downloaders get used to gpg --verify checking if that checksum they used actually came from the developer/maintainer. This is common practice for nearly every Linux OS in existence on the web right now. In Puppyland, well, you just gotta still take everything on faith it is ok :roll:

2) the 2nd thing that needs to happen is https on the murga site itself: why we (the users) who continually ask about this (to Flash) and keep getting put off, as if John Murga will not respond about it, just makes a person shake their head to the point of inventing a new dance. Why does this keep occurring? I ask again: is John dead or something?? The fact that a move to https might even be covered thru us murga-goers & posters funding it, we still cannot even get an answer to that.

It's just damn laziness, and inertia, on Murga here. And it looks to stay that way until something real sh!tty happens and ISOs of one of the popular pups get hit, and downloaders, many downloaders, get screwed over royally over a period of months. Maybe then something will happen, or someone will get off their collective hands & start moving forward with what every website on the web is doing---going to https and forcing their site developers/maintainers to issue gpg keys for the checksums.

Until then, be forewarned: you are your own security apparatus when it comes to anything puppy. Do not ever confuse that with simple file download integrity.
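An added illustration of the distinction drawn in the post above (not part of the thread; the file name and contents are constructed): a checksum list catches a changed file only when the list itself comes from somewhere the attacker cannot rewrite, which is the gap a gpg --verify on the checksum file closes.

```python
import hashlib
import hmac
import os
import tempfile

# Hex digest length -> algorithm, so one parser handles MD5SUMS and SHA256SUMS files.
ALGO_BY_HEXLEN = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}

def file_digest(path, algo, chunk=1 << 20):
    """Hash a file in chunks so a multi-hundred-MB ISO never sits in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def parse_sums(text):
    """Parse md5sum/sha256sum output lines: '<hex>  name' or '<hex> *name'."""
    entries = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2 or len(parts[0]) not in ALGO_BY_HEXLEN:
            continue  # skip blank or malformed lines
        entries[parts[1].lstrip("*")] = parts[0].lower()
    return entries

def verify(path, sums_text):
    """Return (ok, algo) for `path` against a checksum list; KeyError if unlisted."""
    expected = parse_sums(sums_text)[os.path.basename(path)]
    algo = ALGO_BY_HEXLEN[len(expected)]
    return hmac.compare_digest(file_digest(path, algo), expected), algo

def demo():
    """Constructed stand-in for an ISO: good download, then a swapped mirror copy."""
    with tempfile.TemporaryDirectory() as d:
        iso = os.path.join(d, "example.iso")  # hypothetical file name
        with open(iso, "wb") as f:
            f.write(b"original image bytes")
        published = f"{file_digest(iso, 'sha256')}  example.iso\n"
        good = verify(iso, published)
        with open(iso, "wb") as f:
            f.write(b"modified image bytes")  # file replaced on the mirror
        caught = verify(iso, published)  # list obtained from a trusted place
        # The same mirror also serves a regenerated list: the check passes again.
        regenerated = f"{file_digest(iso, 'sha256')}  example.iso\n"
        missed = verify(iso, regenerated)
    return good, caught, missed
```

The third result is the case the thread keeps circling: whatever the hash algorithm, a checksum served from the same place as the file says nothing about who produced it.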

Posted: Tue 31 Oct 2017, 19:26
by dancytron
I mostly agree with belham.

The MD5/SHA's are to check the integrity of the download. That's all they are intended to do.

However, the security of this board doesn't affect the ISOs either. They are controlled by the security of the sites they are uploaded and downloaded from. If someone is going to tamper with an ISO, hacking this forum doesn't help them. They have to hack ibiblio and/or its mirrors (or github, dropbox or wherever else a particular ISO is stored).

Like with almost everything else related to computer security, the real vulnerability is social. If someone wants to put a tampered evil ISO into circulation, the most effective way would be to build one, put it on dropbox or wherever, and then post it to this forum and convince people to download it. There is no technical way to protect against that.

Posted: Tue 31 Oct 2017, 19:49
by Galbi
If I understand it correctly, in this context, saying that the MD5 sum is insecure means that someone can inject malicious code into any file in a Puppy Linux ISO, and then, by some method, force the infected ISO to report the same MD5 sum as the original.

Am I right?

If I'm right, is it worth the effort?

Posted: Tue 31 Oct 2017, 19:54
by Mike Walsh
Y'know, belham, don't take this the wrong way, but.....why are you so obsessed with this? It's a computer operating system we're talking about here, and associated software. It's not the Crown Jewels, or the irreplaceable Seventh Wonder of the World, right?

Anyway, I wouldn't worry too much about the software. I don't think you have even the remotest glimmerings of just how far-spread Puppy's resources are. I can guarantee you that in the event of the server going down, there is so much Puppy-related stuff mirrored privately on individual cloud 'hosting' accounts (and sundry other locations, too!), that the whole operation would be up-and-running again in less than a month.

(Don't forget, too, there's the 'alternate' forum at puppylinux.info. I believe aarf set that up originally some years ago when there was a major problem at John's end.....and for a while, it was pretty busy, 'cos Puppians migrated across for the duration.

Aarf still maintains it to this day.)

No, Puppy don't keep all her bones in one kennel, old son. And you know darn well there's no central organisation controlling Puppy, as there is with Canonical and Ubuntu. Diverse, diluted control has its advantages sometimes.

And so what if the community was to suffer an attack of compromised hardware? What do most of us run? That's right; old 'crap' most other folks would turn their noses up at as not being fit for the scrapyard, even. How long's it gonna take to replace that old 'crap', and re-install Pup? Days, man; hours, even, for many of us. And for those running from a flash drive, only minutes....

Keep calm, and 'Carry on...' (as we Brits used to say during the dark days of the last World War..!) :D


Mike. :wink:

Posted: Tue 31 Oct 2017, 19:59
by dancytron
Galbi wrote: If I understand it correctly, in this context, saying that the MD5 sum is insecure means that someone can inject malicious code into any file in a Puppy Linux ISO, and then, by some method, force the infected ISO to report the same MD5 sum as the original.

Am I right?

If I'm right, is it worth the effort?

No, it can't do that. Even if it could, it couldn't do it without defeating the security on ibiblio or wherever else the ISO resides.

Posted: Tue 31 Oct 2017, 20:38
by 8Geee
The only thing here of relevance is that the OP has a misunderstanding of a checksum. Any alterations to a file or iso, etc will cause the checksum to be different.

Thus if I upload an iso and publish an sha1 checksum, the download can be compared to the published sha1sum. If the two match, the download is OK, else toss and try again.

At best it's an implied security, but with merit. It does indicate the quality of the download connection.

Regards
8Geee

Posted: Tue 31 Oct 2017, 20:40
by 8Geee
Flash wrote: I think most Puppies come with the ability to calculate MD5 checksums but not SHA-256 ones. Am I wrong?

Separately...
Slacko5.7 can and does generate sha256sums. I have used it for U/L's of a browser.

Regards
8Geee

Posted: Wed 01 Nov 2017, 15:45
by pcalvert
I remember reading a few years ago that MD5 is insecure. The person also claimed that an attacker could modify a file in such a way that the MD5 value would not change. Unfortunately, I did not save a link to it.

Apparently, that person was mistaken. Or maybe the scenario he was referring to is purely theoretical, and of no practical significance.

Phil

Posted: Wed 01 Nov 2017, 19:37
by Flash
I believe a few different files were found that gave the same checksum. That's nothing at all like being able to modify a file at will and come up with the same checksum as the original file. In that sense, MD5 is still plenty secure.

If you must worry, then worry that someone could crack a download site (such as Ibiblio), replace files with modified files containing malware and change the associated checksums to match the modified files. It seems to me that would take a lot more ambition and/or ability than most people have who might want to do such a thing.

Posted: Wed 01 Nov 2017, 20:23
by 6502coder

Posted: Thu 02 Nov 2017, 01:54
by Flash
I stand corrected. :oops:

It does appear that an arbitrary file can be somehow appended to a good file without changing the MD5 checksum of the resulting composite file. Anyway that's the way I interpret that last article. But to be useful it would require either the download site be cracked in order to replace the good file with the modified one, or the modified file to be circulated on the Internet.

Posted: Thu 02 Nov 2017, 09:40
by 8Geee
I also stand corrected. It appears that you can have two different files with same md5sum. Thus using md5 as a "file-checker" is a bad choice.

I do recall Google announcing a 128-bit (SHA-1) collision, so that is also going to be deprecated shortly.

The OP stands as correct, we should use SHA-256 as file-checker.

Regards
8Geee

Posted: Thu 02 Nov 2017, 23:14
by 6502coder
8Geee wrote: I also stand corrected. It appears that you can have two different files with same md5sum. Thus using md5 as a "file-checker" is a bad choice.

The existence of collisions is not unique to MD5. ANY checksum/hash must have collisions. This has to be true because every checksum/hash has a finite length, and therefore can only take on finitely many distinct values. Whereas there are infinitely many possible files/strings as inputs. You can't uniquely map infinitely many values onto a finite number of values. Collisions are inevitable. The question is, how easy is it to exploit the collisions? The presumption is that it is harder with SHA256 than with MD5.

Posted: Sat 04 Nov 2017, 00:05
by 8Geee
Right, the more complex the algorithm the more difficult it is to have a collision. Early this year Google said they had generated a collision using SHA-1(28). IIRC MD5 collisions existed around 2005.

Funny thing is how "low" a priority this is according to browsers... my FF27 still allows an MD5 key to be set! In fact, there are only 2 true SHA256 keys with Forward Secrecy, and a third without FS. When I ran FF45.8esr many poor algorithms were still included/available.

Regards
8Geee