[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Please test gzip -9n - related to dpkg with multiarch support

On Wed, Feb 08, 2012 at 11:33:37AM +0100, Bernhard R. Link wrote:
> On the other hand most uncompressors silently ignore unexpected
> data after end of file markers. So the compressed file is even more
> easily tempered with (especially as debsums only stores md5 without
> size and md5 does not include the size in the hash like the sha* do.
> So if one can append arbitrary stuff, it is easy prey).

This is not true.  MD5 and the SHA variants are all Merkle-Damgård
constructions, which is what makes them vulnerable to length extension
attacks if the compression function is not secure.  Merkle-Damgård
constructions include the number of bits hashed in the hash.

But yes, MD5 is vulnerable to length extension attacks.

brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187

Attachment: signature.asc
Description: Digital signature

Reply to: