Topic: Someone please tell DACsunlimited not to use MD5

Offline theoretical

Someone please tell DACsunlimited not to use MD5
« on: September 28, 2014, 08:07:38 PM »

Anyone who uses the BitShares client is trusting their money to the maintainers' cryptography skills.

Signing releases with MD5 does not inspire confidence in those skills.

For security, it is necessary to use an up-to-date hash algorithm like sha256sum.  MD5 is insecure; it has a history of published vulnerabilities and successful practical collision attacks.

Using an up-to-date algorithm is not sufficient to guarantee security.  An attacker with the capability to replace the binary download with a malicious file would also be able to replace the hash.  The hash MUST be signed with a trusted public key!

Here is how releases should be signed:

Code:
$ sha256sum BitSharesX-0.4.18-x64.exe | tee BitSharesX-0.4.18-x64.exe.sha256sum
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  BitSharesX-0.4.18-x64.exe
$ bitshares_client
>>> wallet_sign_hash drltc "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"

Then publish the two hex values above.  (For convenience, we put the first number in a file.)  To check, you can run:

Code:
$ sha256sum -c BitSharesX-0.4.18-x64.exe.sha256sum
BitSharesX-0.4.18-x64.exe: OK
$ bitshares_client
>>> blockchain_verify_signature drltc "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" "20db75781b52d8830b1eb080fc0f130bce8ce76d0cf1b04a4a00a589404085675b2afc812c9847d1656e0504b6bc0a33f2a4f62671a585c1eec6b5f65cb7ef4b1d"

Note, "drltc" in the above commands should be replaced with the name of the DACsunlimited release signing account (it is an implementation detail whether to use the main DACsunlimited account for this, or a dedicated sub-account).

The second step is necessary -- an adversary offering a malicious download can compute their own hash, but cannot produce a signature for the malicious hash without access to the private key of the DACsunlimited signing account, which can be more thoroughly secured than access to the DACsunlimited GitHub account (e.g. cold storage).  I was going to post this last night, but I noticed that you can't actually do the last step with the current client version because there is no blockchain_verify_signature command.  I fixed it in this pull request:

We should also work on making builds reproducible, so anyone can verify that the released executable was generated from the published source code without any malicious modifications.  But this will likely need more than a single Saturday evening of development time.
« Last Edit: September 28, 2014, 09:22:22 PM by drltc »
BTS- theoretical / PTS- PZxpdC8RqWsdU3pVJeobZY7JFKVPfNpy5z / BTC- 1NfGejohzoVGffAD1CnCRgo9vApjCU2viY / the delegate formerly known as drltc / Nothing said on these forums is intended to be legally binding / All opinions are my own unless otherwise noted / Take action due to my posts at your own risk
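The two-step check described in the post above (hash the binary, sign the hash, then have the client verify both), as an added example that is not part of the original thread and not the BitShares client's own code. It uses Go's standard library with an ECDSA P-256 key standing in for the BitShares signing account's key, and constructed byte strings standing in for the release binary; the function names Publish, CheckHash, VerifySignature and Scenario are this example's own. It also plays out the attack the post warns about: an attacker who can replace the download also republishes a matching hash (so a bare `sha256sum -c` passes) but cannot produce a signature that verifies under the trusted key.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Release is what a maintainer publishes next to the binary: the hex SHA-256
// digest (the contents of the .sha256sum file) and a signature over that
// digest made with the release signing key.
type Release struct {
	Binary  []byte // the downloadable artifact
	HexHash string // published hash, as sha256sum prints it
	Sig     []byte // published signature over the digest (ASN.1 DER)
}

// Publish is the maintainer side: "sha256sum ... | tee ...sha256sum" followed
// by signing the digest with the private key (wallet_sign_hash in the post).
func Publish(signingKey *ecdsa.PrivateKey, binary []byte) (Release, error) {
	digest := sha256.Sum256(binary)
	sig, err := ecdsa.SignASN1(rand.Reader, signingKey, digest[:])
	if err != nil {
		return Release{}, err
	}
	return Release{Binary: binary, HexHash: hex.EncodeToString(digest[:]), Sig: sig}, nil
}

// CheckHash is the "sha256sum -c" step: does the downloaded file match the
// published hash? On its own this only proves the hash and the file were
// published together, not who published them.
func CheckHash(r Release) bool {
	digest := sha256.Sum256(r.Binary)
	return hex.EncodeToString(digest[:]) == r.HexHash
}

// VerifySignature is the blockchain_verify_signature step: was the published
// hash signed by the holder of the trusted release key? Only the public key
// is needed, so it can be pinned in the client or looked up from the chain.
func VerifySignature(trusted *ecdsa.PublicKey, r Release) bool {
	digest, err := hex.DecodeString(r.HexHash)
	if err != nil || len(digest) != sha256.Size {
		return false
	}
	return ecdsa.VerifyASN1(trusted, digest, r.Sig)
}

// Verify is the full client-side check; both steps must pass.
func Verify(trusted *ecdsa.PublicKey, r Release) bool {
	return CheckHash(r) && VerifySignature(trusted, r)
}

// Outcome records what each check says about the genuine and the tampered release.
type Outcome struct {
	GenuineVerifies bool // hash and signature both pass on the real release
	TamperedHashOK  bool // sha256sum -c is fooled: the attacker republished the hash
	TamperedSigOK   bool // the signature check is not: wrong key
}

// Scenario runs the whole story on constructed stand-in data (no real
// BitShares binary or key is involved; keys are generated fresh each run).
func Scenario() (Outcome, error) {
	releaseKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return Outcome{}, err
	}
	attackerKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return Outcome{}, err
	}
	trusted := &releaseKey.PublicKey

	genuine, err := Publish(releaseKey, []byte("constructed stand-in for BitSharesX-0.4.18-x64.exe"))
	if err != nil {
		return Outcome{}, err
	}
	// The attacker who controls the download page replaces the binary,
	// recomputes the hash, and signs it with the only key they have: their own.
	tampered, err := Publish(attackerKey, []byte("constructed stand-in for a trojaned build"))
	if err != nil {
		return Outcome{}, err
	}
	return Outcome{
		GenuineVerifies: Verify(trusted, genuine),
		TamperedHashOK:  CheckHash(tampered),
		TamperedSigOK:   VerifySignature(trusted, tampered),
	}, nil
}

func main() {
	o, err := Scenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("genuine release passes both checks:   %v\n", o.GenuineVerifies)
	fmt.Printf("tampered release passes sha256sum -c: %v\n", o.TamperedHashOK)
	fmt.Printf("tampered release passes signature:    %v\n", o.TamperedSigOK)
}
```

The signature is made over the raw 32-byte digest rather than the hex text, which is what ECDSA expects; the published hex string is just the transport form of that digest. Note that nothing here depends on the hash function being MD5 or SHA-256 for the signature step to work: the point of the thread is that the signature is what binds the hash to the maintainer, and the hash function must itself be collision-resistant so that the signed digest cannot be made to match a second, malicious file.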

Offline xeroc

Re: Someone please tell DACsunlimited not to use MD5
« Reply #1 on: September 28, 2014, 08:11:26 PM »
+5% .. FULL ACK!!

Offline bitcoinerS

Re: Someone please tell DACsunlimited not to use MD5
« Reply #2 on: September 28, 2014, 08:21:36 PM »
Good work. Thx.

If/when you are in contact with DSL, please tell them to set up a PPA repository for Ubuntu binaries. They keep ignoring Linux users.

user: maqifrnswa

maintains an Ubuntu PPA:

This needs to be published by DSL.
« Last Edit: September 28, 2014, 08:24:14 PM by bitcoinerS »
>>> approve bitcoiners

Offline GaltReport

Re: Someone please tell DACsunlimited not to use MD5
« Reply #3 on: September 28, 2014, 08:37:05 PM »

I'm very uncomfortable every time I download that binary....

Offline bytemaster

Re: Someone please tell DACsunlimited not to use MD5
« Reply #4 on: September 28, 2014, 08:40:10 PM »
I'll let them know... I can't believe they are using it myself.
For the latest updates checkout my blog:
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.