Re: md5 hashes used in security announcements

To: Raphael Geissert <atomo64+debian@gmail.com>
Cc: debian-security@lists.debian.org
Subject: Re: md5 hashes used in security announcements
From: Florian Weimer <fw@deneb.enyo.de>
Date: Fri, 24 Oct 2008 22:39:10 +0200
Message-id: <[🔎] 87ej25zq1d.fsf@mid.deneb.enyo.de>
In-reply-to: <[🔎] gdta74$mpc$1@ger.gmane.org> (Raphael Geissert's message of "Fri, 24 Oct 2008 15:12:20 -0500")
References: <[🔎] 4901CC1A.5040809@bircd.org> <[🔎] 874p327yy5.fsf@mid.deneb.enyo.de> <[🔎] 49021A4A.8040803@bircd.org> <[🔎] gdta74$mpc$1@ger.gmane.org>

* Raphael Geissert:

> Yeah, but remember that the "bad" version must also be a valid .deb file with
> something inside that does work; otherwise you may just be able to get some
> random stuff with the same file size and md5 sum but without any use.

These days, you can generate meaningful collisions, perhaps not even
obviously part of an evil twin pair, provided the plaintexts share a
common prefix.

Reply to:

References:
- md5 hashes used in security announcements
  - From: Bas Steendijk <beware@bircd.org>
- Re: md5 hashes used in security announcements
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: md5 hashes used in security announcements
  - From: Bas Steendijk <beware@bircd.org>
- Re: md5 hashes used in security announcements
  - From: Raphael Geissert <atomo64+debian@gmail.com>

Prev by Date: Re: md5 hashes used in security announcements
Next by Date: Re: md5 hashes used in security announcements
Previous by thread: Re: md5 hashes used in security announcements
Next by thread: Re: md5 hashes used in security announcements
Index(es):
- Date
- Thread