From: Yann E. MORIN <yann.morin.1998@free.fr>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH 2/4] pkg-infra: add possiblity to check downloaded files against known hashes
Date: Sat, 7 Nov 2020 22:32:31 +0100 [thread overview]
Message-ID: <20201107213231.GC3971474@scaer> (raw)
In-Reply-To: <87y2jdxekx.fsf@dell.be.48ers.dk>
Peter, All,
On 2020-11-07 18:27 +0100, Peter Korsgaard spake thusly:
[--SNIP--]
> > One thing we may consider adding to reinforce our robustness, is to
> > store the file size in the hash file, in addition to the hash, e.g.:
[--SNIP--]
> > This would protect against size-extension attacks, which afaiu are the
> > only attacks really considered for now against sha2 [1]...
[--SNIP--]
> I wonder if the gain is worth the extra complexity for our users and in
> the implementation.
The implementation is pretty trivial. I have more changes against the
manual than I have against the code...
> Are there are any realistic size extension attacks
> against sha256?
Good question... At least, it looks like it was known from the onset,
during the standardisation process:
https://www.cryptologie.net/article/417/how-did-length-extension-attacks-made-it-into-sha-2/
http://www.cs.utsa.edu/~wagner/CS4363/SHS/dfips-180-2-comments1.pdf (comment #3)
And the following seems to imply it is pretty trivial (for a seasoned
cryptographer at least):
https://www.whitehatsec.com/blog/hash-length-extension-attacks/
https://blog.skullsecurity.org/2012/everything-you-need-to-know-about-hash-length-extension-attacks
So yes, it looks like length extension attacks (LEA) are easy...
However, now that I've read a bit more, especially that last article, I
doubt we'd be susceptible to such attacks. Indeed, LEA target MACs, that
is signatures. We're not using hashes that way; we just hash files, not
secrets.
So maybe this is not so interesting to add the size to the hash file...
Crypto is hard, damit... ;-)
Regards,
Yann E. MORIN.
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
next prev parent reply other threads:[~2020-11-07 21:32 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-07-03 19:36 [Buildroot] [PATCH 0/4 v11] Some download-related changes (branch yem/check-downloads) Yann E. MORIN
2014-07-03 19:36 ` [Buildroot] [PATCH 1/4] pkg-infra: don't use DL_DIR as scratchpad for temporary downloads Yann E. MORIN
2014-07-04 21:35 ` Peter Korsgaard
2014-07-04 22:15 ` Yann E. MORIN
2014-07-03 19:36 ` [Buildroot] [PATCH 2/4] pkg-infra: add possiblity to check downloaded files against known hashes Yann E. MORIN
2014-07-04 21:49 ` Peter Korsgaard
2020-11-05 18:38 ` Bernd Kuhls
2020-11-05 21:12 ` Yann E. MORIN
2020-11-06 20:28 ` Bernd Kuhls
2020-11-07 17:27 ` Peter Korsgaard
2020-11-07 21:32 ` Yann E. MORIN [this message]
2020-11-08 17:14 ` Peter Korsgaard
2014-07-03 19:36 ` [Buildroot] [PATCH 3/4] manual: add documentation about packages' hashes Yann E. MORIN
2014-07-04 21:50 ` Peter Korsgaard
2014-07-03 19:36 ` [Buildroot] [PATCH 4/4] package/ca-certificates: add tarball's hashes Yann E. MORIN
2014-07-04 21:50 ` Peter Korsgaard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201107213231.GC3971474@scaer \
--to=yann.morin.1998@free.fr \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox