Re: Archive signatures versus message digests

On Wed, Nov 16, 2011 at 04:59:55PM +0100, Guido Trentalancia wrote:
> is currently distributing GNOME sources without a proper
> signature.

That is just our primary mirror. This is handled by

> A good advice I would give you is to get rid of the various message
> digests such as MD5 and SHA and start using OpenPGP signatures (they can
> be easily created by scripts using free software such as
> Ideally the secret key should be kept on
> a machine different from the distributing server. Ideally such machine
> should not be connected to the Internet at all and it should be only
> used to sign the packages and upload them to the distributing server
> along with the detached signatures.

The SHA256 is to ensure integrity, not security.

Not sure why you suggest not connecting it to the internet, while still
having it upload stuff.

What I thought was having a HSM. The goal would be to validate that the
tarball downloaded from is the same as the file on

Anything else seems pointless. If is compromised, it
seems logical you can also create the signature.

> Message digests used the way you are using them are completely useless
> in my opinion (and that of many others).

I don't care how many people agree or not agree about something.

It is to check integrity, nothing more.

> If the ftp/web server is compromised (take for example the recent attack
> on, an attacker would be able to replace BOTH the file AND
> the message digests. If the attack is carried out by a man in the
> middle, then a compromised archive could be sent/injected along with a
> compromised message digests.

If you compromise the machine where you upload the tarball, it does not
matter if you compromise the HSM or another machine or not. You can
still have it change the signature.

> Message digests located at the same server provide no security benefit
> at all to the end user (they might perhaps provide a little benefit when
> located at a different server for the first kind of attack depicted
> above, I suppose).

Your assumption that they're for security is incorrect.

> Is there any specific reason for not using OpenPGP signatures (which is
> standard practice amongst other things) ?

We don't have a HSM in the machine. Other than that, there is already a
bug about adding a HSM, just not implemented.

> See for example They are already using this scheme !
> They've always been using this scheme !

Not high on priority list as IMO it requires a HSM, plus I think a
compromise of the machine which uploads stuff will still result in
signed tarballs, lastly nobody ever seems to use the SHA256 hashes (some
are incorrect). Would still be nice.

This is not really security gnome org stuff though, suggest continuing
in either bug or gnome-infrastructure gnome org (public + cc'ed).

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]