Re: Compromised system - still ok?

To: debian-security@lists.debian.org
Subject: Re: Compromised system - still ok?
From: Robert Lemmen <robertle@semistable.com>
Date: Mon, 7 Feb 2005 18:01:45 +0100
Message-id: <[🔎] 20050207170145.GC6105@sandbender>
In-reply-to: <[🔎] 4207980C.8030404@fmi.uni-sofia.bg>
References: <[🔎] 4db47c87b282a133f5cbf3e4c3b0af92@acm.org> <[🔎] ceb0ad005020609403e1a633f@mail.gmail.com> <[🔎] 20050206232250.GQ8765@A-Eskwadraat.nl> <[🔎] 4206AAB6.7020402@strategicdata.com.au> <[🔎] 4207980C.8030404@fmi.uni-sofia.bg>

On Mon, Feb 07, 2005 at 06:32:12PM +0200, Ognyan Kulev wrote:
> Another thing he doesn't like is that check is based on signed MD5 hash of 
> content instead of based on signed content.  Is it true that signed MD5 is 
> weaker than signed content?

assymetric crypto ops are very slow, so you wouldn't want to do them on
the whole content (signature would be the same order of size as teh
content too..). so you always sign a message digest. you would want to
choose a better one than md5 though (sha1 for example), but that's a
trivial change

cu  robert

-- 
Robert Lemmen                               http://www.semistable.com

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- Compromised system - still ok?
  - From: DI Peter Burgstaller <pburgstaller@acm.org>
- Re: Compromised system - still ok?
  - From: Michael Marsh <michael.a.marsh@gmail.com>
- Re: Compromised system - still ok?
  - From: Jeroen van Wolffelaar <jeroen@wolffelaar.nl>
- Re: Compromised system - still ok?
  - From: Geoff Crompton <geoff.crompton@strategicdata.com.au>
- Re: Compromised system - still ok?
  - From: Ognyan Kulev <ogi@fmi.uni-sofia.bg>

Prev by Date: Re: Compromised system - still ok?
Next by Date: Re: Compromised system - still ok?
Previous by thread: Re: Compromised system - still ok?
Next by thread: Re: Compromised system - still ok?
Index(es):
- Date
- Thread