[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Gnu-arch-users] crypto features and 1.2preX
From: |
Andrew Suffield |
Subject: |
Re: [Gnu-arch-users] crypto features and 1.2preX |
Date: |
Wed, 7 Jan 2004 01:21:42 +0000 |
User-agent: |
Mutt/1.5.4i |
On Wed, Jan 07, 2004 at 11:13:34AM +1100, Brian May wrote:
> >>>>> "Tom" == Tom Lord <address@hidden> writes:
>
> Two questions:
>
> Tom> * MD5 Checksums of Revision Data
>
> [...]
>
> Tom> When arch retrieves a file from an archive, it computes an
> Tom> MD5 of the file it receives and compares that to the checksum
> Tom> file. If they disagree, an error is signaled and the
> Tom> operation is aborted.
>
> 1. I have heard, from other mailing lists, that it is feasible to
> alter a file *and* *its* length* in such a way that it will produce
> exactly the same MD5 Checksum. The moral of the story was you can't
> rely on the MD5 checksum by itself, you need the MD5Sum + Length of
> the data.
Sounds like FUD to me.
--
.''`. ** Debian GNU/Linux ** | Andrew Suffield
: :' : http://www.debian.org/ |
`. `' |
`- -><- |
signature.asc
Description: Digital signature