Re: MD5 collisions found - alternative?

To: debian-security@lists.debian.org
Subject: Re: MD5 collisions found - alternative?
From: Michael Stone <mstone@debian.org>
Date: Tue, 24 Aug 2004 21:11:34 -0400
Message-id: <[🔎] 20040825011134.GK5172@mathom.us>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 20040824223957.GD13648@jamaika>
References: <[🔎] 412B14D7.2080300@deepblue.sk> <[🔎] Pine.LNX.4.60.0408241234570.32088@ace.ulyssis.org> <[🔎] 20040824182254.GD22410@citadelle.homelinux.net> <[🔎] Pine.LNX.4.60.0408242038590.32088@ace.ulyssis.org> <[🔎] 20040824204045.GE22410@citadelle.homelinux.net> <[🔎] 20040824223957.GD13648@jamaika>

On Wed, Aug 25, 2004 at 12:39:57AM +0200, Rolf Kutz wrote:

This depends on how the attack really works. If
you just need to flip a few bits in a document it
might just look like typos (think crc32). If your
document is a tarball or a .deb you might be able
to insert a lot of "garbage" to it without being
noticed.


Right, but is someone inserting garbage into a .deb really a threat? I'd
be more concerned about the insertion of malicious code...

Mike Stone

Reply to:

Follow-Ups:
- Re: MD5 collisions found - alternative?
  - From: Matthew Palmer <mpalmer@debian.org>

References:
- MD5 collisions found - alternative?
  - From: Robert Trebula <r0b0@deepblue.sk>
- Re: MD5 collisions found - alternative?
  - From: Danny De Cock <godot@ace.ulyssis.org>
- Re: MD5 collisions found - alternative?
  - From: Almut Behrens <almut-behrens@gmx.net>
- Re: MD5 collisions found - alternative?
  - From: Danny De Cock <godot@ace.ulyssis.org>
- Re: MD5 collisions found - alternative?
  - From: Almut Behrens <almut-behrens@gmx.net>
- Re: MD5 collisions found - alternative?
  - From: Rolf Kutz <kutz@netcologne.de>

Prev by Date: Re: MD5 collisions found - alternative?
Next by Date: Re: MD5 collisions found - alternative?
Previous by thread: Re: MD5 collisions found - alternative?
Next by thread: Re: MD5 collisions found - alternative?
Index(es):
- Date
- Thread