Comments on the checksum vulnerabilities
hartmans at MIT.EDU
Fri Dec 3 10:15:23 EST 2010
I'd like to draw people's attention to a blog post I made on the
checksum vulnerabilities. I would like to start a discussion on what if
anything we still need to fix and on what we did wrong to get here.
* Is it desirable that you have to make an extra step when verifying a
checksum to make sure it is keyed?
* People were probably assuming that if a checksum works with a given
key and it is a keyed checksum, then it is a right kind of checksum
for that key from a security standpoint. Roughly, this is close to
assuming that checksums should either be unkeyed or work with one kind
of key. I think we want to make this actually true going forward.
* People assumed something similar when finding a keyed checksum.
* Documentation might have heleped.
However I feel like there is something I'm missing in here somewhere.
More information about the krbdev