Re: md5 hashes used in security announcements

Marcin Owsiany wrote:
> It (generating a good and a bad package with colliding sums) is actually
> easier than one might think. The reason is that you can embed any kind
> of binary blob inside an executable and make the executable's behavior
> dependent on the "version" of the blob.

I retract what I said then. It looks much easier to do it now than when the
first collision was discovered.

> This is shown here for example:
> http://www.mscs.dal.ca/~selinger/md5collision/
> It was explained nicely in the "two PostScript files with identical MD5
> hash" demo, but I cannot find it now.

Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net

