[buug] Gentoo, Bluecurve and Linux too!

Rick Moen rick at linuxmafia.com
Fri Oct 18 17:28:55 PDT 2002 

Quoting Patrick Soltani (psoltani at ultradns.com):

> wow, we are getting technical here. from man pages:
> " These functions implement the MD5  message-digest  algorith,
>      which  takes as input a message of arbitrary length and pro-
>      duces as output a 128-bit "fingerprint" or "message  digest"
>      of  the input. It is intended for digital signature applica-
>      tions, where large file must be  "compressed"  in  a  secure
>      manner  before  being  encrypted with a private (secret) key
>      under a public-key cryptosystem such as RSA.
> "
>
> The operative word is "intended".  You can run MD5 on binary files and 
> is not confined to only compressed files.  In fact Solaris has the MD5
> finger prints for ALL the files in the system. I am sure not all of
> them are ".tar, etc" 
 
I think you may be missing Michael's point, that MD5 hashes are worse
than useless as a check on integrity unless you have high confidence
that the record of blessed MD5 sums has not been tampered with, not to
mention high confidence that the md5sum utility and its operating
environment have not themselves been compromised.

[About Ken Thompson's classic paper, "Reflections on Trusting Trust":]

> No I have not read what you consider Security Bible, but will do so
> when I get a chance.  Thanx for the pointer.

http://www.acm.org/classics/sep95/

Thompson dropped this bombshell in 1984, when he was being given an
award by the ACM.  He revealed that he had caused the standard C compiler 
included in practically all Unix systems to perpetuate a hidden
trojan-horse login on all systems in an ingenious fashion that was
completely undetectable by examining source code for _either_ the login 
program _or_ the C compiler itself, and that persisted even if you
recompiled the C compiler from clean sources.

In other words, it's not an adequate remedy even to infallibly audit all
the source code of all packages on your system, and recompile everything
from scratch.

Thompson points out that his malware gremlin could equally well have
been planted in "an assembler, a loader, or even hardware microcode."

More information about the buug mailing list