Linux system compromised by backdoor Trojan

JDW
Regular
Posts: 1669
Joined: 18 May 2010, 20:44

Re: Linux system compromised by backdoor Trojan

Post by JDW »

I'm not an expert on cryptography, but there are reports that say MD5 is weak, and SHA-2 is recommended. What is your opinion, Zarel?
"Speak when you are angry and you will make the best speech you will ever regret."
-- Ambrose Bierce
Zarel
Elite
Posts: 5770
Joined: 03 Jan 2008, 23:35
Location: Minnesota, USA

Re: Linux system compromised by backdoor Trojan

Post by Zarel »

j0shdrunk0nwar wrote: I'm not an expert on cryptography, but there are reports that say MD5 is weak, and SHA-2 is recommended. What is your opinion, Zarel?
MD5 is vulnerable to collision attacks.

Once you publish the MD5 hash of a file constructed with no malicious intent, it can't be attacked with collision attacks, only preimage attacks, which MD5 is not vulnerable to.

There are certain things MD5 is weak against, but for the majority of purposes we use it for, MD5 is just fine.

We as a society need a newer hash standard, and SHA-3 will be that standard, but MD5 is currently good enough.
JDW
Regular
Posts: 1669
Joined: 18 May 2010, 20:44

Re: Linux system compromised by backdoor Trojan

Post by JDW »

Good to know, thanks, Zarel.
Corporal Punishment
Trained
Posts: 291
Joined: 28 Aug 2009, 12:29

Re: Linux system compromised by backdoor Trojan

Post by Corporal Punishment »

Zarel wrote:
j0shdrunk0nwar wrote: P.S.: Personally, I would prefer the checksum displayed to the right of the Download button for the game. But it's your call.
But we often have two download buttons next to each other - see the Mac OS X version on the Download page, or the Videos. Where would we put the MD5 then?
How about opening a notification window after clicking the download link that shows the MD5 checksum for the respective file along with a link to the MD5 documentation?
Qui desiderat pacem bellum praeparat
Flavius Vegetius Renatus, De re militari
KukY
Regular
Posts: 1859
Joined: 20 Mar 2009, 21:56

Re: Linux system compromised by backdoor Trojan

Post by KukY »

Corporal Punishment wrote: How about opening a notification window after clicking the download link that shows the MD5 checksum for the respective file along with a link to the MD5 documentation?
Well, the SF download page opens in a new tab, which hides notifications on the Download page; you can't place them on the SF pre-download page; and JS popups and alerts are annoying and often get blocked.
m1ndgames
Trained
Posts: 142
Joined: 04 Jun 2010, 20:30
Location: Germany

Re: Linux system compromised by backdoor Trojan

Post by m1ndgames »

Would be a neat feature, but... how many of you people compared the checksums before extracting gz's?

I never did, besides on work machines (where I had to).
Zarel
Elite
Posts: 5770
Joined: 03 Jan 2008, 23:35
Location: Minnesota, USA

Re: Linux system compromised by backdoor Trojan

Post by Zarel »

KukY wrote: Well, the SF download page opens in a new tab, which hides notifications on the Download page; you can't place them on the SF pre-download page; and JS popups and alerts are annoying and often get blocked.
This. There really aren't very many places to put an MD5. I was thinking about a mouseover thing, but that's way too much attention to draw to something that 80% of users have no idea what it is, and 19% know what it is and don't care.
stiv
Warzone 2100 Team Member
Posts: 876
Joined: 18 Jul 2008, 04:41
Location: 45N 86W

Re: Linux system compromised by backdoor Trojan

Post by stiv »

There really aren't very many places to put an MD5.
Most people just put up a text file with the md5 checksum in it.
Zarel
Elite
Posts: 5770
Joined: 03 Jan 2008, 23:35
Location: Minnesota, USA

Re: Linux system compromised by backdoor Trojan

Post by Zarel »

Or we could just lobby Sourceforge to support the Content-MD5 header or whatever it's called.
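
As an added example (not part of the thread or the project's code), the following sketch checks a download against a published checksum text file of the kind stiv describes, and against a Content-MD5 header value as mentioned in the post above. The file name `game-1.0.tar.gz` and all function names are hypothetical; the parser also accepts SHA-256 lines, which goes beyond the MD5-only case discussed here.

```python
import base64
import hashlib
import hmac
import tempfile
from pathlib import Path

ALGO_BY_HEX_LEN = {32: "md5", 64: "sha256"}  # hex digest length -> algorithm

def file_digest(path, algo):
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):  # chunked: large files
            h.update(chunk)
    return h.digest()

def parse_checksum_file(text):
    # Lines look like "<hex>  <name>" (text mode) or "<hex> *<name>" (binary mode).
    entries = {}
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        hexdigest, _, name = line.partition(" ")
        name = name.strip().lstrip("*")
        algo = ALGO_BY_HEX_LEN.get(len(hexdigest))
        if algo is None or not name:
            raise ValueError(f"unrecognised checksum line: {line!r}")
        entries[name] = (algo, bytes.fromhex(hexdigest))
    return entries

def verify_download(path, checksum_text):
    # True only if the file is listed and its digest matches the published one.
    entry = parse_checksum_file(checksum_text).get(Path(path).name)
    return entry is not None and hmac.compare_digest(file_digest(path, entry[0]), entry[1])

def verify_content_md5(path, header_value):
    # Content-MD5 (RFC 1864) is the base64 of the raw 16-byte MD5 digest.
    expected = base64.b64decode(header_value, validate=True)
    return len(expected) == 16 and hmac.compare_digest(file_digest(path, "md5"), expected)

def demo():
    # Constructed sample: a stand-in download plus the values published for it.
    data = b"constructed sample release contents\n"
    with tempfile.TemporaryDirectory() as d:
        path = Path(d) / "game-1.0.tar.gz"
        path.write_bytes(data)
        published = hashlib.md5(data).hexdigest() + "  game-1.0.tar.gz\n"
        header = base64.b64encode(hashlib.md5(data).digest()).decode()
        before = (verify_download(path, published), verify_content_md5(path, header))
        path.write_bytes(data + b"tampered")  # simulate a modified download
        return before, verify_download(path, published)
```

The check is only as trustworthy as the channel the checksum file or header arrives over; a digest fetched from the same compromised server as the file proves nothing.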
BlueMaxima
Trained
Posts: 431
Joined: 05 Jun 2008, 09:20
Location: Sydney, Australia

Re: Linux system compromised by backdoor Trojan

Post by BlueMaxima »

Zarel wrote: Or we could just lobby Sourceforge to support the Content-MD5 header or whatever it's called.
Good luck with that. ;)
Bring back...ducks!
JDW
Regular
Posts: 1669
Joined: 18 May 2010, 20:44

Re: Linux system compromised by backdoor Trojan

Post by JDW »

Just a way the Linux Mint folks implemented it on their website

http://www.linuxmint.com/edition.php?id=52
KukY
Regular
Posts: 1859
Joined: 20 Mar 2009, 21:56

Re: Linux system compromised by backdoor Trojan

Post by KukY »

j0shdrunk0nwar wrote: Just a way the Linux Mint folks implemented it on their website

http://www.linuxmint.com/edition.php?id=52
Nice, but would take too much space.