RE: MD5 sums of individual files?
It would make it much harder (read not really possible) to make the files
the same size. Tripwire checks these, I will have to take a look. Take my
word for it, it is no fun getting hacked. And for those of us that aren't
(weren't?) real security savvy, hire an over 18 year old hacker (most quit
at 18 in the US because they can now be sent to prison), very enlightening
(and most work cheap).
Pat Moffitt
MIS Administrator
Western Recreational Vehicles, Inc.
> -----Original Message-----
> From: Noah L. Meyerhans [mailto:frodo@morgul.net]
> Sent: Thursday, March 29, 2001 11:33 AM
> To: Debian Security List
> Subject: Re: MD5 sums of individual files?
>
>
> On Thu, Mar 29, 2001 at 11:19:24AM -0800, Pat Moffitt wrote:
> > It is more than possible. There are people that have figured
> out how to pad
> > a file to make the checksums the same. They don't have to
> worry about the
> > fact that your checksums cannot be changed because they will
> fake theirs to
> > match. This is much more work and would require that the
> hacker have more
> > skills than the regular script kiddy.
>
> No, MD5 has not been cracked. There are theoretical vulnerabilities.
> Some people have been able to create 2 files that have the same
> checksum, but only if they have complete control over both files. It is
> not (currently) possible to take a given file and create another file
> with the same MD5 sum. That's not to say that it won't ever change, but
> even if it does, there's no question that the file sizes would be
> significantly different. Tripwire (and most likely other similar
> products) track file sizes in addition to checksums.
>
> noah
>
> --
> _______________________________________________________
> | Web: http://web.morgul.net/~frodo/
> | PGP Public Key: http://web.morgul.net/~frodo/mail.html
>
>
Reply to: