On Thu, Mar 29, 2001 at 11:19:24AM -0800, Pat Moffitt wrote: > It is more than possible. There are people that have figured out how to pad > a file to make the checksums the same. They don't have to worry about the > fact that your checksums cannot be changed because they will fake theirs to > match. This is much more work and would require that the hacker have more > skills than the regular script kiddy. No, MD5 has not been cracked. There are theoretical vulnerabilities. Some people have been able to create 2 files that have the same checksum, but only if they have complete control over both files. It is not (currently) possible to take a given file and create another file with the same MD5 sum. That's not to say that it won't ever change, but even if it does, there's no question that the file sizes would be significantly different. Tripwire (and most likely other similar products) track file sizes in addition to checksums. noah -- _______________________________________________________ | Web: http://web.morgul.net/~frodo/ | PGP Public Key: http://web.morgul.net/~frodo/mail.html
Attachment:
pgp9R3owq848I.pgp
Description: PGP signature