[Pythonmac-SIG] Package Manager idea, adding a URL scheme

Bob Ippolito bob at redivi.com
Fri Oct 3 11:48:27 EDT 2003 

On Friday, Oct 3, 2003, at 11:03 America/New_York, Jack Jansen wrote:

>
> On Friday, October 3, 2003, at 01:13 PM, Bob Ippolito wrote:
>>> Sorry, I wasn't clear enough. There is no such thing as a central 
>>> list of trusted packages.
>>> Your database would have an IntegrityCheck of 
>>> <https://undefined.org/pimp/integrity/%s.html>.
>>> The integrity check succeeding would only mean that the database the 
>>> user has on-disk is
>>> indeed the exact same database as what you created, and by trusting 
>>> the database the
>>> end-user trusts you (or, actually, as you pointed out elsewhere, the 
>>> end user trusts you and
>>> your webhoster).
>>
>> I don't understand how this could possibly be useful for a database 
>> that changes often.  You need a public key algorithm, not a hashing 
>> algorithm.
>
> The whole point of the exercise with md5 sums and using your browser 
> for secure http access is
> to work around the fact that we have no public key algorithm in 
> Python...
>
> If you know of one that has a license that is Python-compatible *and* 
> you can convince
> Guido to incorporate it into Python 2.4: great! I'd gladly use it in 
> PackMan.

pyCrypto's license is the following (and is not dependent on any other 
libraries):
===================================================================
Distribute and use freely; there are no restrictions on further
dissemination and usage except those imposed by the laws of your
country of residence.  This software is provided "as is" without
warranty of fitness for use or suitability for any purpose, express
or implied. Use at your own risk or not at all.
===================================================================

Incorporating the code into commercial products is permitted; you do
not have to make source available or contribute your changes back
(though that would be nice).

That sounds Python compatible to me :)  I think this problem is solved. 
  Crypto supports the following public key algorithms:
Public-key algorithms: RSA, DSA, ElGamal, qNEW.

ElGamal is what PGP uses, IIRC.

What's the procedure to convince Guido that Python should REALLY have 
this module as part of any distribution that also includes PackMan?

>> So let's put a public key algorithm into Python and do it the right 
>> way.  md5 is not going to do what you want it to do.  md5 can only 
>> verify that a file is very probably exactly the same as what it was 
>> when the hash was created, it doesn't tell you it was created by a 
>> trusted source.
>
> On its own, no. But combined with another algorithm that allows a 
> trusted source to
> advertise (in a secure way) the md5sums of all relevant documents s/he 
> ever created
> it does. If you really want I could write it down in 
> Needham-Burrows-Abadi formalism
> (or whatever the people involved were again).
>
> Or, to elaborate on the steps again (taking you as an example):
>
> 1. You change your pimp database.
> 2. You take the md5sum of it, let's say it's 12345 (but with many more 
> digits:-)
> 3. You create a secure document 
> https://undefined.org/pimp/integrity.html
>    saying "I, Bob Ippolito, created this packman database. Use at your 
> own risk".
> 4. You don't ever delete this file, even when updating the database.
> 5. You now upload the database to 
> <http://undefined.org/pimp/pimp-macosx-whatever.plist>.
> 6. My mum downloads your database through packman, and presses the 
> "integrity check"
>    button.
> 6. She is presented with a dialog
> 	You can now use your internet browser to test that this database was
> 	actually created by %s. Check that the padlock is closed (if it is
> 	open there is a very good chance that this is a forged database). If
> 	you get a message about an untrusted certificate this is also a sign
> 	of a forgery. Finally check that the URL starts with https: and points
> 	to the website of %s.
> 	
> 	Note that all these checks only mean that this database has not been 
> tampered
> 	with since it was created. Whether you trust %s remains wholly up
> 	to you.

1.  You orchestrate some sort of man in the middle attack.
2.  You take the existing integrity.html document
3.  You create a new evil packman plist file
4.  You add the md5sum of your evil packman plist file and append it to 
integrity.html
5.  You upload the database and integrity.html to your evil man in the 
middle server

The padlock thing helps some, but it only works for people with trusted 
SSL certificates, which are typically not cheap, and I wouldn't expect 
everyone maintaining a distribution to have one.  I got a ridiculously 
good deal on the hosting for pythonmac.org, and it came with a free 
year long SSL cert, so that's why I have one.

I'm not sure exactly how md5sum of the plist file helps anything, it 
seems like redundant information to me.  Anyone that could alter the 
plist file could also alter integrity.html.

With a public key algorithm you need to acquire the public key once 
(say from the site itself the first time you trust the package, the web 
site that pointed you to the repository, or from python.org somewhere 
if it's an "officially trusted" repository).  Any time after you 
acquired the unmodified public key you can verify the authenticity of 
the package list so far as whomever made it was in possession of the 
public key.

-bob

More information about the Pythonmac-SIG mailing list