Re: md5 hashes used in security announcements
Marcin Owsiany wrote:
> It (generating good and bad package with colliding sum) is actually
> easier than one might think. The reason is that you can embed any kind
> of binary blob inside an executable and make the executable behavior
> dependent on the "version" of the blob.

I retract what I said then. It looks much easier to do it now than when the
first collision was discovered.

> This is shown here for example:
> It was explained nicely in the "two PostScript files with identical MD5
> hash" demo, but I cannot find it now.

Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net