[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: MD5 sums of individual files?

On Thu, Mar 29, 2001 at 11:19:24AM -0800, Pat Moffitt wrote:
> It is more than possible.  There are people that have figured out how to pad
> a file to make the checksums the same.  They don't have to worry about the
> fact that your checksums cannot be changed because they will fake theirs to
> match.
 We're talking about MD5 hashes here, not CRC error detection codes.  You're
saying that people have broken MD5.  If this were true, I would have heard
about it by now!

>  This is much more work and would require that the hacker have more
> skills than the regular script kiddy.

 AFAIK, this requires a computationally-infeasible amount of work.

 Besides, if you pad a file, then the length is wrong.  You can check that
too.  (Of course, you could just change bytes mid-file, but that is probably
even harder, i.e. still impossible without all the worlds computers and a
lot of time.)

#define X(x,y) x##y
Peter Cordes ;  e-mail: X(peter@llama.nslug. , ns.ca)

"The gods confound the man who first found out how to distinguish the hours!
 Confound him, too, who in this place set up a sundial, to cut and hack
 my day so wretchedly into small pieces!" -- Plautus, 200 BCE

Reply to: