On 3-okt-03, at 17:48, Bob Ippolito wrote:

>> On its own, no. But combined with another algorithm that allows a
>> trusted source to advertise (in a secure way) the md5sums of all
>> relevant documents s/he ever created it does. If you really want I
>> could write it down in Needham-Burrows-Abadi formalism
>> (or whatever the people involved were again).
>>
>> Or, to elaborate on the steps again (taking you as an example):
>>
>> 1. You change your pimp database.
>> 2. You take the md5sum of it, let's say it's 12345 (but with many
>>    more digits:-)
>> 3. You create a secure document
>>    https://undefined.org/pimp/integrity.html
>>    saying "I, Bob Ippolito, created this packman database. Use at
>>    your own risk".

AAAARGH! Here I made a crucial mistake: the URL is specific to this instance of your database, in other words, it is <https://undefined.org/pimp/integrity/12345.html>.

>> 4. You don't ever delete this file, even when updating the database.
>> 5. You now upload the database to
>>    <http://undefined.org/pimp/pimp-macosx-whatever.plist>.
>> 6. My mum downloads your database through packman, and presses the
>>    "integrity check" button.
>> 6. She is presented with a dialog
>>
>>    You can now use your internet browser to test that this database was
>>    actually created by %s. Check that the padlock is closed (if it is
>>    open there is a very good chance that this is a forged database). If
>>    you get a message about an untrusted certificate this is also a sign
>>    of a forgery. Finally check that the URL starts with https: and
>>    points to the website of %s.
>>
>>    Note that all these checks only mean that this database has not been
>>    tampered with since it was created. Whether you trust %s remains
>>    wholly up to you.
>
> 1. You orchestrate some sort of man in the middle attack.
> 2. You take the existing integrity.html document
> 3. You create a new evil packman plist file
> 4. You add the md5sum of your evil packman plist file and append it
>    to integrity.html
> 5. You upload the database and integrity.html to your evil man in the
>    middle server
>
> The padlock thing helps some, but it only works for people with
> trusted SSL certificates, which are typically not cheap, and I
> wouldn't expect everyone maintaining a distribution to have one.

Having a trusted SSL certificate is tantamount to the whole idea! Untrusted SSL certificates are as good as locking your door and leaving the key under a stone beside it....

But note that not everyone maintaining a pimp database would need one, it would just mean a little more work. If I had an SSL key, and you and I could communicate securely (let's say PGP-based) you would put a URL of the form <http://www.cwi.nl/~jack/pimp/integrity/%s.html> in your database, send me the md5 sum whenever you change it, and I would create the 12345.html file with the contents "I, Jack Jansen, am convinced Bob Ippolito created this database".

--
Jack Jansen, <Jack.Jansen at cwi.nl>, http://www.cwi.nl/~jack
If I can't dance I don't want to be part of your revolution -- Emma Goldman
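
The per-database URL scheme described in this message, sketched as an added example (not code from PackMan or from either poster): the client hashes the database it downloaded, substitutes the digest into the https template carried in the database, and refuses a template that is not https. The function names and sample data are assumptions; MD5 is used because the thread does, and `algo` also accepts a collision-resistant hash such as `sha256`.

```python
import hashlib
from urllib.parse import urlsplit


def integrity_url(database: bytes, template: str, algo: str = "md5") -> str:
    """Return the per-database integrity URL to hand to the user's browser.

    template is the URL pattern stored in the database, with one %s where
    the digest goes (the form used in the message above).
    """
    parts = urlsplit(template)
    # The scheme relies on the browser authenticating the server, so a
    # plain-http template is refused before any URL is built.
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("integrity template must be an https URL")
    # The digest may only fill in the page name, never part of the host.
    if template.count("%s") != 1 or "%s" in parts.netloc:
        raise ValueError("template needs exactly one %s, outside the host")
    digest = hashlib.new(algo, database).hexdigest()
    return template.replace("%s", digest)


def vouching_host(url: str) -> str:
    """Host to name in the dialog, for comparison with the browser's address bar."""
    return urlsplit(url).hostname


# Constructed sample data, not a real PackMan database.
TEMPLATE = "https://undefined.org/pimp/integrity/%s.html"
GOOD_DB = b"<plist><!-- constructed sample database --></plist>"
EVIL_DB = GOOD_DB.replace(b"sample", b"forged")

if __name__ == "__main__":
    # A modified database maps to a different page, which the voucher
    # never published, so the browser check fails for the forged copy.
    print(integrity_url(GOOD_DB, TEMPLATE))
    print(integrity_url(EVIL_DB, TEMPLATE))
    print(vouching_host(integrity_url(GOOD_DB, TEMPLATE)))
```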