Subject: Re: Verifying a kernel.
To: None <tech-kern@NetBSD.org>
From: Tonnerre <tonnerre@thundrix.ch>
List: tech-kern
Date: 07/20/2005 15:16:53
--OaZoDhBhXzo6bW1J
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Salut,
On Wed, Jul 20, 2005 at 09:10:06AM -0400, Allen Briggs wrote:
> What do you recommend for an algorithm for this purpose?
SHA1 can be used with care, still. SHA256, SHA384, SHA512 and SHA768
are good candidates.
> The purpose Matt stated was essentially a read-verify.
Did you think about people who might get the idea to use it for a different
purpose?
If you _only_ want a read verify, use CRC32, where it's clear that this
cannot be used for security relevant stuff, like checking whether the
kernel that is loaded is the kernel you wanted.
> This sounds a lot like, "Don't buy a light-duty drill because
> someone might decide to build a skyscraper with it. You need to
> get the Milwaukee Hole Hawg for all your drilling needs."
Not quite. The implementation that's being made could be used with little
changes to do what I pointed out, and people will get the idea to do that.
Then they read, it uses MD5, and say, oh, great. And then they make
assumptions they shouldn't make (If the MD5sum is the same, noone fiddled
with it (Just for anyone who wants to quote this out of context: THIS
IS A WRONG STATEMENT)).
You would agree that if you build a door lock that should only assure that
the door keeps closed, and is prone to being opened using lockpicks, people
might get the idea that it secures their doors, which is wrong.
Tonnerre
--OaZoDhBhXzo6bW1J
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (NetBSD)
iD8DBQFC3k7FXUVlAbfmNMIRAs28AKCEGFZx/dRb2XnulmdZkKJjYGs7RgCfXkSe
oxnDnsudvETjWV0iP5mKRZ4=
=jNs1
-----END PGP SIGNATURE-----
--OaZoDhBhXzo6bW1J--