On 00-12-26 Rainer Weikusat wrote:
> Christian Kurz <shorty@debian.org> writes:
> > > Debsums seems to help a little bit - you can expect to catch some less-clueful
> > > intruders with it, but it doesn't help in general.
> >
> > debsums just uses md5sums which can be manipulated on the one hand and
> > on the other hand you modify binaries so that the md5sum will still be
> > the same.
> So you've effectively broken MD5 in a way that would yield useful
> results (ie would allow you to replace a specific binary with another
> specific binary, not with some more or less random garbage). How came
> it that you weren't prominently mentionend in this month's cryptogram?
Small adnotation to this: If someone would have read the whole
discussion about this, he would have found my explanation of this
statement. But seems like some people always read only some mails and
then make their assumptions. :(
Ciao
Christian
--
Debian Developer and Quality Assurance Team Member
1024/26CC7853 31E6 A8CA 68FC 284F 7D16 63EC A9E6 67FF 26CC 7853
Attachment:
pgpOriaMXmGud.pgp
Description: PGP signature