Re: [Gnu-arch-users] Re: MD5 is broken

gnu-arch-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Gnu-arch-users] Re: MD5 is broken

From:	Bruce Stephens
Subject:	Re: [Gnu-arch-users] Re: MD5 is broken
Date:	Wed, 16 Mar 2005 10:54:52 +0000
User-agent:	Gnus/5.11 (Gnus v5.11) Emacs/22.0.50 (gnu/linux)

Ivan Boldyrev <address@hidden> writes:

[...]

> Attackers creates some sexy patch for TLA (for example, support of
> multiple hashes from libgcrypt).  Then I create another patch that
> stoles gpg passwords that people type when using signed archives.
>
> Two patches with same MD5 signature.  Quotation from paper of Czech
> scientist:

Maybe you could do that, but remember these are collisions of things
which have to be carefully constructed.

Anyway, hashes in Arch are about detecting unexpected modifications
due to random breakage.  If you really care about patches you'd sign
them, wouldn't you?

[...]

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Gnu-arch-users] Re: MD5 is broken, (continued)

Prev by Date: Re: [Gnu-arch-users] Re: MD5 is broken
Next by Date: Re: [Gnu-arch-users] Re: MD5 is broken
Previous by thread: Re: [Gnu-arch-users] Re: MD5 is broken
Next by thread: Re: [Gnu-arch-users] Re: MD5 is broken
Index(es):
- Date
- Thread