Comments on the checksum vulnerabilities

Sam Hartman hartmans at MIT.EDU
Fri Dec 3 10:15:23 EST 2010

I'd like to draw people's attention to a blog post I made on the
checksum vulnerabilities.  I would like to start a discussion on what if
anything we still need to fix and on what we did wrong to get here.

Initial thoughts:

* Is it desirable that you have to make an extra step when verifying a
  checksum to make sure it is keyed?

* People were probably assuming that if a checksum works with a given
  key and it is a keyed checksum, then it is a right kind of checksum
  for that key from a security standpoint.  Roughly, this is close to
  assuming that checksums should either be unkeyed or work with one kind
  of key. I think we want to make this actually true going forward.

* People assumed something similar when finding a keyed checksum.

* Documentation might have heleped.

However I feel like there is something I'm missing in here somewhere.

More information about the krbdev mailing list