Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Sun, 22 Mar 2015 23:58:06 -0400
From: Daniel Micay <danielmicay@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE for Kali Linux

On 22/03/15 03:23 PM, Stephen Kitt wrote:
> On Sun, 22 Mar 2015 14:33:01 -0400, Daniel Micay <danielmicay@...il.com>
> wrote:
> [...]
>> At best, GPG offered *zero value* compared to checking a hash provided
>> via HTTPS, grabbing a torrent file via HTTPS or downloading directly via
>> HTTPS. However, I think it's pretty clear that few users would have gone
>> through with this and all it did was maintain the same security offered
>> by the HTTPS PKI.
> [...]
> 
> I don't have any objection to the rest of your argumentation, which seems
> sensible to me; at the very least it's clear that all this needs to be made
> much easier, and (proper) HTTPS use should be encouraged.
> 
> But I do believe that *at best*, GPG offers something that HTTPS doesn't:
> signature validation with peer-to-peer trust via the web of trust. This is
> "at best" because most users don't have a key in the strong set; but at least
> for Debian, the archive keys are in the strong set, so any one else with a
> key in the strong set has at least one trust path to the archive key.
> 
> Of course that doesn't really help with the MITM scenario, since end users
> would need to know that the archive key is supposed to be signed, and by
> whom...

An attacker only needs control over a few keys in the strong set to add
any number of keys they want, which can then sign other keys. There's
value in the GPG WoT but it's non-trivial to extract it. You could
specifically find Debian devs and obtain their fingerprints securely
from various other places. I think the numbers of users who are going to
do this can probably be counted on a single hand. If there were actually
instructions on this in the installation guide, it could be argued that
a secure option is there.


Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.