Mailinglist Archive: opensuse-security (601 mails)

Re: [suse-security] autorpm and latest secure files
  • From: dproc <dproc@xxxxxxx>
  • Date: Sat, 12 Aug 2000 08:01:05 -0400
  • Message-id: <20000812080105.A285@xxxxxxxxxxxxxxx>
On Fri, 11 Aug 2000, Kurt Seifried wrote:
>
> Wrong answer. USE GNUPG. Ok the problem with MD5/SHA1/etc/etc is for each
> package I need to get you the package, and the sig securely. With GnuPG I
> need to get the key to you securely ONCE, i.e. SuSE ships the keys on the
> CD. SuSE cannot ship all the future MD5/SHA1/etc sums on the CD for obvious
> reasons.
>

Kurt has a great answer. It is probably the strongest tool
available. By the way, it seems nearly as secure to md5/SHA1 sign, and
then for the signature to be distributed independently, signed with a
trusted key. That is Roman's signed email announcements.

But at the risk of repeating the obvious, I will paraphrase Phil
Zimmermann's PGP READMEs: it is only as safe as the computers hosting
the signing and checking code. If an attacker trojaned your local
GnuPG binary or tampered with your public keyring, he could get false
signatures past you.

And the trusted suse private key (using suse as an example) may be shared
among a number of employees, and it may even be used for automatic
code signing (eugh!). It would just take one of them to allow their
private keyring to be stolen - and until they notice and get an
announcement to you - you are vulnerable to man-in-the-middle attacks.

So independent sources may still be a useful weapon in the armory.

<SNIP>
> > fun. When something breaks, *I* want to be the reason why. :>
>
> Security has to be automated as much as possible. What happens when
> companies roll out 5000 linux desktops?
>

Quite. And you will be automating firewalls, tripwire, config file
distribution and many other weapons. It may make sense to download
updates only once (by your admin) manually, verify them and sign them
with an in-house key, and then distribute automatically to 5000
workstations. There are other non-security benefits to this.

BTW IMHO the key doesn't need to be on the CD to be trusted. The SuSE
key fingerprint is in chapter 18 of the manual. If you get a paper
manual it is reasonably independent of the Internet.

dproc
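
The workflow this message describes (check the vendor signature against a fingerprint obtained off-line, re-sign with an in-house key, let workstations accept only the in-house signature), as an added example that is not part of the original post. It assumes detached signature files and a current `gpg`; the function names, the `.inhouse.asc` suffix, the key IDs and the fingerprint are hypothetical or constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Key IDs, file names and the
# fingerprint below are constructed placeholders.

# Normalise a fingerprint as typed from a printed page: strip spaces and
# colons, upper-case the hex digits.
norm_fpr() {
    printf '%s' "$1" | tr -d ' :\t\n' | tr 'a-f' 'A-F'
}

# Read `gpg --status-fd 1 --verify` output on stdin. Succeed only if a
# VALIDSIG line names the expected primary-key fingerprint (its last field).
# A swapped key in the local keyring yields a different fingerprint and fails.
signed_by() {
    want=$(norm_fpr "$1")
    [ -n "$want" ] || return 1
    awk -v want="$want" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" && $NF == want { ok = 1 }
        END { exit !ok }'
}

# Admin step: verify the vendor's detached signature against the printed
# fingerprint, then add an in-house detached signature for distribution.
# $1 package  $2 vendor signature  $3 printed fingerprint  $4 in-house key id
resign_update() {
    gpg --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null |
        signed_by "$3" || { echo "REJECT $1: signer mismatch" >&2; return 1; }
    gpg --batch --yes --local-user "$4" --armor --detach-sign \
        --output "$1.inhouse.asc" "$1"
}

# Workstation step: accept only files carrying the in-house signature.
# $1 package  $2 in-house fingerprint (installed with the workstation image)
accept_update() {
    gpg --batch --status-fd 1 --verify "$1.inhouse.asc" "$1" 2>/dev/null |
        signed_by "$2"
}

# Constructed status output for a good signature, to show the format parsed.
SAMPLE_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Example Vendor <security@vendor.example>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2000-08-12 966081665 0 4 0 1 2 00 0123456789ABCDEF0123456789ABCDEF01234567'
```

Comparing the full fingerprint from the status line, rather than trusting the exit code of `gpg --verify`, is what ties acceptance to the one key whose fingerprint was checked off-line instead of to whatever keys happen to be in the keyring.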

