[Mac_crypto] Apple should use SHA! (or stronger) to authenticate software releases

R. A. Hettinga mac_crypto@vmeng.com
Mon, 5 Apr 2004 01:34:15 -0500

--- begin forwarded text

Delivered-To: cryptography@metzdowd.com
Date: Sun, 4 Apr 2004 17:56:51 -0400
To: "Arnold G. Reinhold" <reinhold@world.std.com>
From: Don Davis <dtd@world.std.com>
Subject: Re: [Mac_crypto] Apple should use SHA! (or stronger) to
 authenticate  software releases
Cc: cryptography@metzdowd.com
Sender: owner-cryptography@metzdowd.com

hi, mr. reinhold --

there's stronger reason than the ones you cite,
to distrust md5 as a message-digest.  see these
old sci.crypt threads, and the google-search below,
for discussions of hans dobbertin's 1996 crack
of md5:




btw, in a phone conversation, dobbertin emphasized
to me that his attack only works when md5 is used
as a message-digest; it doesn't work when md5 is
used with a key to prepare a MAC.  he also mentioned
that while sha-1 may be vulnerable to an attack of
a similar style (because sha-1 is similar in struc-
ture to md5), he himself was forbiddden by german
law to work to cryptanalyze sha-1, because he worked
at that time for the german federal security service,
and so wasn't allowed to attack the USG's standard
ciphers.  now he's at ruhr university (in bochum),
but i don't know whether he's more of a free agent.

				- don davis, boston

> To: mac_crypto@vmeng.com
> From: "Arnold G. Reinhold" <reinhold@world.std.com>
> Subject: [Mac_crypto] Apple should use SHA! (or stronger) to authenticate
> software
>  releases
> Sender: mac_crypto-admin@vmeng.com
> Reply-To: mac_crypto@vmeng.com
> List-Id: Macintosh Cryptography <mac_crypto.vmeng.com>
> List-Archive: <http://www.vmeng.com/pipermail/mac_crypto/>
> Date: Sun, 4 Apr 2004 06:17:55 -0500
> The cryptographic hash function MD5 has long been used to
> authenticate software packages, particularly in the Linux/Unix/open
> source community. This has carried over to Apple's OS-X. The MD5 hash
> of an entire package is calculated and its value is transmitted
> separately from the package. Users who download the package compute
> the hash of the copy they received and match that value against the
> original.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com

--- end forwarded text

R. A. Hettinga <mailto: rah@ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'