Checksums Done Right

Matthew Garrett mjg59 at
Sat Jun 30 02:18:19 UTC 2007

On Fri, Jun 29, 2007 at 05:04:14PM -0700, Scott Beardsley wrote:

> Most Ubuntu packages (95% - my estimate) come with MD5 checksums at the
> file level (in a file called md5sums in control.tar.gz). debsums uses
> these (well actually a cache stored in /var/lib/dpkg/info/*.md5sums) for
> doing a *rough* verification that what is installed matches what
> *should* be installed. This is great until md5 collision attacks[1] and
> kernel-based rootkits are used on your system (common these days).

Do you have any references to the use of md5 collision attacks being 
common? The Wang and Yu attack requires the binaries to be the same size 
and to differ only in very controlled ways. It's not difficult to 
construct examples of collisions, but I'm not aware of anyone 
demonstrating the ability to replace an arbitrary binary with a trojaned 
one with the same md5sum.

> We have been working on a to-be-open-sourced product we are calling
> Checksums Done Right (CDR). A colleague gave a talk last week that
> included some notes about CDR[2]. Basically we've processed the md5sums
> files in dapper, edgy, and feisty and dumped it into a database. When we
> update our mirror we update our database. The mirror seems like the best
> place to offer this type of verification service. We have used it to
> verify binaries on Xen installations by taking LVM snapshots of the
> virtualized machine and sending checksums to the mirror using ssh all
> from the dom0. Our tests show that we can verify a system installation
> (libraries, binaries, and kernel modules) of up to 12k files in around 4
> seconds. This theoretically scales to 5k full machine scans per mirror
> per day.

It's possible that I'm missing the point here, but what guarantees do 
you have that you can trust your Dom0?

Matthew Garrett | mjg59 at

More information about the Ubuntu-devel-discuss mailing list