How Cygwin counters man-in-the-middle (MITM) attacks

David A. Wheeler dwheeler@dwheeler.com
Mon Mar 9 15:57:00 GMT 2015


On Sun, 08 Mar 2015 20:44:30 +0100, Achim Gratz <Stromeko@nexgo.de> wrote:
> Setup.ini also records the file size, so a successful attack would need
> to pack a malicious payload into a valid archive of the same size and the
> same MD5 checksum.  I think that is a much taller order than simply
> creating a hash collision.

That is harder, but I wouldn't trust it.

In 2004 it was shown that MD5 is not collision resistant, and the attacks just keep getting worse.  A quick check at the Wikipedia page about MD5 shows the sorry state of MD5.  The Software Engineering Institute (SEI) puts it pretty baldly: MD5 "should be considered cryptographically broken and unsuitable for further use".  You want to use known-strong crypto, not known-busted crypto.

Besides, there are easily-available, much-stronger alternatives, in particular SHA-2 (SHA-512 is part of SHA-2). It's already supported in the current Cygwin installer.

I recommend that Cygwin switch to SHA-512 soon.  It'll require that everyone update their installer to do future updates, but the installer download has been secured.  Then Cygwin can include in their FAQ a reasonable justification that its download and update process is secure.

--- David A. Wheeler
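
The size-plus-digest check discussed in this thread, as an added example that is not part of the original message and is not Cygwin's installer code. It assumes a record of the form `install: <path> <size> <hex digest>`; the function names and the sample data are constructed for illustration.

```python
import hashlib
import hmac
import io

SHA512_HEX_LEN = 128  # 64-byte digest written as hex
MD5_HEX_LEN = 32      # 16-byte digest written as hex

def parse_install_line(line):
    """Parse 'install: <path> <size> <hex digest>' (assumed record layout)."""
    key, _, rest = line.partition(":")
    fields = rest.split()
    if key.strip() != "install" or len(fields) != 3:
        raise ValueError("not an install record")
    path, size, digest = fields
    return path, int(size), digest.lower()

def verify_archive(stream, expected_size, expected_digest):
    """Return (ok, reason). MD5-length digests are refused, not checked."""
    if len(expected_digest) == MD5_HEX_LEN:
        return False, "md5 digest refused"
    if len(expected_digest) != SHA512_HEX_LEN:
        return False, "unrecognised digest length"
    h = hashlib.sha512()
    total = 0
    for chunk in iter(lambda: stream.read(65536), b""):
        total += len(chunk)
        if total > expected_size:  # stop reading once the stream is oversized
            return False, "size mismatch"
        h.update(chunk)
    if total != expected_size:
        return False, "size mismatch"
    if not hmac.compare_digest(h.hexdigest(), expected_digest):
        return False, "sha512 mismatch"
    return True, "ok"

# Constructed sample data: stand-in archive bytes and the records a manifest
# would carry. The manifest itself must come from an authenticated source.
ARCHIVE = b"constructed package bytes\n" * 100
GOOD_LINE = "install: release/demo/demo-1.0.tar.xz %d %s" % (
    len(ARCHIVE), hashlib.sha512(ARCHIVE).hexdigest())
MD5_LINE = "install: release/demo/demo-1.0.tar.xz %d %s" % (
    len(ARCHIVE), "0123456789abcdef" * 2)

def check(line, data):
    _, size, digest = parse_install_line(line)
    return verify_archive(io.BytesIO(data), size, digest)

if __name__ == "__main__":
    print(check(GOOD_LINE, ARCHIVE))               # intact archive
    print(check(GOOD_LINE, b"X" + ARCHIVE[1:]))    # same size, altered content
    print(check(MD5_LINE, ARCHIVE))                # legacy MD5 record
```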