Re: [Gnu-arch-users] crypto features and 1.2preX

gnu-arch-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Gnu-arch-users] crypto features and 1.2preX

From:	Brian May
Subject:	Re: [Gnu-arch-users] crypto features and 1.2preX
Date:	Thu, 08 Jan 2004 10:09:48 +1100
User-agent:	Gnus/5.1002 (Gnus v5.10.2) Emacs/21.3 (gnu/linux)

>>>>> "Brian" == Brian May <address@hidden> writes:

>>>>> "Tom" == Tom Lord <address@hidden> writes:

    Tom> When arch retrieves a file from an archive, it computes an
    Tom> MD5 of the file it receives and compares that to the checksum
    Tom> file.  If they disagree, an error is signaled and the
    Tom> operation is aborted.

    Brian> 1. I have heard, from other mailing lists, that it is
    Brian> feasible to alter a file *and* *its* length* in such a way
    Brian> that it will produce exactly the same MD5 Checksum. The
    Brian> moral of the story was you can't rely on the MD5 checksum
    Brian> by itself, you need the MD5Sum + Length of the data.

    Brian> Does arch do the right thing here?

When I wrote this message, I hadn't noticed the thread "SHA1 sums for
checksums file"; Colin Watson already raised the same issue (with
references). Sorry about the extra noise generated.
-- 
Brian May <address@hidden>

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Gnu-arch-users] crypto features and 1.2preX, Brian May, 2004/01/06
- Re: [Gnu-arch-users] crypto features and 1.2preX, Andrew Suffield, 2004/01/06
- Re: [Gnu-arch-users] crypto features and 1.2preX, Florian Weimer, 2004/01/07
- Re: [Gnu-arch-users] crypto features and 1.2preX, Brian May <=
  - Re: [Gnu-arch-users] crypto features and 1.2preX, Colin Walters, 2004/01/07

Prev by Date: [Gnu-arch-users] refactored my branches
Next by Date: [Gnu-arch-users] perforce gateway?
Previous by thread: Re: [Gnu-arch-users] crypto features and 1.2preX
Next by thread: Re: [Gnu-arch-users] crypto features and 1.2preX
Index(es):
- Date
- Thread