On Wed, 13 Feb 2002 19:52:33 EST, you said: > Correct me if I'm wrong, but isn't it the *client* that verifies the > final MD5 of the assembled file? Correct, but it needs something to compare it to.. > In order for a MITM attack to be successful, the initial download of the > stub from kazaa must be trojaned. This is done from the kazaa website Also correct. Notice however that if the initial stub is compromised, it's "game over". The kazaa scheme *is* certainly much more secure than not doing anything at all, and *does* close down most of the vulnerabilities quite nicely - but it *is* still vulnerable to a number of fairly obvious attacks. > Trusting downloaded software is a difficult proposition. The MS code > signing key debacle showed that even a trusted third party has "oops"es > and undoubtedly is vulnerable to arm-twisting by <insert three-letter > agency here>. Also correct, and my point - simply saying "it *must* be safe because it made some attempt to protect itself" has its own vulnerabilities, and that there needs to be an out-of-band way to verify what's going on. I don't mind if people say "OK, kazaa's scheme is secure enough for me, my threat model doesn't include the sort of subterfuge required". It's just the implication that since kazaa does X, Y, and Z, that the download is guaranteed safe. Remember - just because Larry Ellison says Oracle is "unbreakable", doesn't mean it is so. ;) -- Valdis Kletnieks Computer Systems Senior Engineer Virginia Tech
This archive was generated by hypermail 2b30 : Thu Feb 14 2002 - 15:14:11 PST