[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: md5 hashes used in security announcements

* Raphael Geissert:

> Yeah, but remember that the "bad" version must also be a valid .deb file with
> something inside that does work; otherwise you may just be able to get some
> random stuff with the same file size and md5 sum but without any use.

These days, you can generate meaningful collisions, perhaps not even
obviously part of an evil twin pair, provided the plaintexts share a
common prefix.

Reply to: