Re: dpkg-sig support wanted?

To: debian-devel@lists.debian.org
Subject: Re: dpkg-sig support wanted?
From: Florian Weimer <fw@deneb.enyo.de>
Date: Tue, 29 Nov 2005 15:24:54 +0100
Message-id: <[🔎] 87irubpm4p.fsf@mid.deneb.enyo.de>
In-reply-to: <[🔎] 20051129133904.GA16409@seehuhn.vm.bytemark.co.uk> (Jochen Voss's message of "Tue, 29 Nov 2005 13:39:04 +0000")
References: <[🔎] 87fypntzzo.fsf@mid.deneb.enyo.de> <[🔎] 20051123160817.GB13417@cyan.localnet> <[🔎] 20051123220920.GD5414@hezmatt.org> <[🔎] 20051124023037.GE15019@cyan.localnet> <[🔎] 20051124131345.GE17550@khazad-dum.debian.net> <[🔎] 20051125025707.GD19298@cyan.localnet> <[🔎] 87wtiwh7tv.fsf@mid.deneb.enyo.de> <[🔎] 20051125231302.GD21979@cyan.localnet> <[🔎] 20051125234624.GA13795@uio.no> <[🔎] 871x0zsisi.fsf@informatik.uni-tuebingen.de> <[🔎] 20051129133904.GA16409@seehuhn.vm.bytemark.co.uk>

* Jochen Voss:

> On Tue, Nov 29, 2005 at 02:08:45PM +0100, Goswin von Brederlow wrote:
>> According to slashdot articles you can generate human readable files
>> (like the Packages file) with md5sum collision in ~45minutes on a
>> modern cpu now.

> I found the example at http://www.cits.rub.de/MD5Collisions/ quite
> impressive.  They have two different valid PostScript files with
> identical MD5 sums.  I don't know how much computing time they used,
> though.

None, many of these examples were created before the collision
generation tools were generally available.  The "exploit" uses some
properties of Postscript files which make them not very desirable for
storing electronic documents which cannot be altered.  For example, it
is possible to create a Postscript file whose output, when printed,
varies from printer to printer.

(Note the "rub.de" part of the URL.  A clear warning sign.)

Reply to:

Follow-Ups:
- Re: dpkg-sig support wanted?
  - From: Henning Makholm <henning@makholm.net>
- Re: dpkg-sig support wanted?
  - From: Jochen Voss <voss@seehuhn.de>

References:
- Re: dpkg-sig support wanted?
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: dpkg-sig support wanted?
  - From: Anthony Towns <aj@azure.humbug.org.au>
- Re: dpkg-sig support wanted?
  - From: Matthew Palmer <mpalmer@debian.org>
- Re: dpkg-sig support wanted?
  - From: Anthony Towns <aj@azure.humbug.org.au>
- Re: dpkg-sig support wanted?
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Re: dpkg-sig support wanted?
  - From: Anthony Towns <aj@azure.humbug.org.au>
- Re: dpkg-sig support wanted?
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: dpkg-sig support wanted?
  - From: Anthony Towns <aj@azure.humbug.org.au>
- Re: dpkg-sig support wanted?
  - From: "Steinar H. Gunderson" <sgunderson@bigfoot.com>
- Re: dpkg-sig support wanted?
  - From: Goswin von Brederlow <brederlo@informatik.uni-tuebingen.de>
- Re: dpkg-sig support wanted?
  - From: Jochen Voss <voss@seehuhn.de>

Prev by Date: Re: dpkg-sig support wanted?
Next by Date: Re: dpkg-sig support wanted?
Previous by thread: Re: dpkg-sig support wanted?
Next by thread: Re: dpkg-sig support wanted?
Index(es):
- Date
- Thread