Re: [Gnu-arch-users] Re: MD5 is broken

gnu-arch-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Gnu-arch-users] Re: MD5 is broken

From:	Jan Hudec
Subject:	Re: [Gnu-arch-users] Re: MD5 is broken
Date:	Wed, 16 Mar 2005 15:53:34 +0100
User-agent:	Mutt/1.5.6i

On Wed, Mar 16, 2005 at 10:54:52AM +0000, Bruce Stephens wrote:
> Ivan Boldyrev <address@hidden> writes:
> 
> [...]
> 
> > Attackers creates some sexy patch for TLA (for example, support of
> > multiple hashes from libgcrypt).  Then I create another patch that
> > stoles gpg passwords that people type when using signed archives.
> >
> > Two patches with same MD5 signature.  Quotation from paper of Czech
> > scientist:
> 
> Maybe you could do that, but remember these are collisions of things
> which have to be carefully constructed.
> 
> Anyway, hashes in Arch are about detecting unexpected modifications
> due to random breakage.  If you really care about patches you'd sign
> them, wouldn't you?

Have you noticed, that it's THE HASH that gets signed?!?!

--------------------------------------------------------------------------------
                                                - Jan Hudec `Bulb' 
<address@hidden>

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Gnu-arch-users] Re: MD5 is broken, (continued)

Prev by Date: [Gnu-arch-users] arch-pqm --run troubles
Next by Date: Re: [Gnu-arch-users] Re: MD5 is broken
Previous by thread: Re: [Gnu-arch-users] Re: MD5 is broken
Next by thread: [Gnu-arch-users] Re: MD5 is broken
Index(es):
- Date
- Thread