[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ms-sys contains MBRs which are copyrighted by Microsoft

Gunnar Wolf <gwolf@gwolf.org> wrote:
> leorolla dijo [Thu, Apr 01, 2010 at 06:23:59AM -0700]:
>> For security reasons it could perform a checksum verification to
>> protect the user from a corrupt or virus-infected backup file.
>> So the simple changes in the source would be:
>> * remove the problematic file from the source code
>> * change the source code to
>> -look for a 446-byte file with a specific filename
>> -if absent, produce error message explaining what the user is supposed
>> to do and exit
>> -perform the checksum verification
>> -if fails, produce appropriate error message and exit
>> -copy the file to the mbr
>> (Is it also be copyright violation to distribute checksums along with
>> the program? In this case, add "look for the presence of a checksum
>> file with a given name etc; if absent, produce an error message
>> telling the user to copy it from a trusted source etc and exit".)
> Humm... and given the search space is just giant (and not
> mindboggingly huge), you could even add a loop that generates a random
> 446-byte-long content until it matches the md5sum and the sha1sum for
> said file?

The math does not work.  The search space is still too unfeasibly
large.  There are 2^(8*448) different combinations.  You will find a
collision in md5sum first, though the sun would have burned out long
before the loop completed.

Walter Landry

Reply to: