[Cryptography] Kali Linux security is a joke!

Michael Kjörling michael at kjorling.se
Sun Mar 22 09:08:18 EDT 2015

On 21 Mar 2015 22:28 -0400, from agr at me.com (Arnold Reinhold):
> On Thu, 19 Mar 2015 18:51 CodesInChaos wrote:
>> MD5 certainly isn't a great choice, but for software fingerprints it
>> isn't that big a risk.
> Use of MD5 is indeed a big — and totally unnecessary --- risk.

While I don't know about Kali Linux specifically, there are two things
that we do know:

1. Kali Linux is based on Debian.

2. Current Debian's "Release" file, which together with its GPG
signature forms the heart of Apt security, provides MD5, SHA1 _and_
SHA256 hashes of each listed file, plus the size of the file.

See for example ftp://ftp.debian.org/debian/dists/wheezy/Release and
search for "MD5:", "SHA1:" and "SHA256:" (the colons are important for
meaningful hits).

Finding a collision against MD5 might well be feasible if you are in a
position of controlling both files (collision attack rather than
preimage attack). Finding a valid collision against _all of_ MD5, SHA1
and SHA256 _simultaneously_ would be a lot more difficult; it would
be, at the very least, as difficult as finding a collision against the
strongest of the algorithms involved. At that point, it seems more
reasonable to just intercept the request for the Release and
Release.gpg files, and attack the single hash provided by the detached
GPG signature.

Also the fact that multiple hashes are already provided indicates that
the infrastructure is in place to support additional hashes; if a
crippling vulnerability in, or even the possibility of a practical
attack on, any of the algorithms involved were to be found, at the
very least it should be practical to add another hash algorithm and
choose to either maintain or retire the broken algorithm.

At least Debian provides the relevant GPG public keys in the installed
system, which limits our trust bootstrapping problem to the initial
download. If you have a trusted Debian system already installed, you
can verify the authenticity of the Debian downloads without relying on
anything not secured by the package manager, as described for example
at <https://lists.debian.org/debian-user/2014/08/msg00780.html>. The
ISOs are distributed along with MD5, SHA1, SHA256 and SHA512 hashes,
each of which signed by the distribution role key. Hence basically if
you have a trusted version of an OpenPGP implementation, and can gain
access to trusted role key fingerprints (perhaps from someone else who
already has Debian installed), you can meaningfully establish a
reasonable degree of trust in the installation images.

Which is probably about as close as is practical for most people to
come to a "trusted operating system installation".

Michael Kjörling • https://michael.kjorling.semichael at kjorling.se
OpenPGP B501AC6429EF4514 https://michael.kjorling.se/public-keys/pgp
                 “People who think they know everything really annoy
                 those of us who know we don’t.” (Bjarne Stroustrup)

More information about the cryptography mailing list