Re: md5 hashes used in security announcements

To: debian-security@lists.debian.org
Subject: Re: md5 hashes used in security announcements
From: Raphael Geissert <atomo64+debian@gmail.com>
Date: Sat, 25 Oct 2008 21:09:29 -0500
Message-id: <[🔎] ge0jgq$633$1@ger.gmane.org>
References: <[🔎] 4901CC1A.5040809@bircd.org> <[🔎] 874p327yy5.fsf@mid.deneb.enyo.de> <[🔎] 49021A4A.8040803@bircd.org> <[🔎] gdta74$mpc$1@ger.gmane.org> <[🔎] 20081025114050.GA8508@beczulka>

Marcin Owsiany wrote:
> 
> It (generating good and bad package with colliding sum) is actually
> easier than one might think. The reason is that you can embed any kind
> of binary blob inside an executable and make the executable behavior
> dependent on the "version" of the blob.

I retract what I said then. It looks much easier to do it now than when the
first collision was discovered.

> 
> This is shown here for example:
> http://www.mscs.dal.ca/~selinger/md5collision/
> It was explained nicely in the "two PostScript files with identical MD5
> hash" demo, but I cannot find it now.
> 

Cheers,
-- 
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net

Reply to:

References:
- md5 hashes used in security announcements
  - From: Bas Steendijk <beware@bircd.org>
- Re: md5 hashes used in security announcements
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: md5 hashes used in security announcements
  - From: Bas Steendijk <beware@bircd.org>
- Re: md5 hashes used in security announcements
  - From: Raphael Geissert <atomo64+debian@gmail.com>
- Re: md5 hashes used in security announcements
  - From: Marcin Owsiany <porridge@debian.org>

Prev by Date: Re: md5 hashes used in security announcements
Next by Date: Re: md5 hashes used in security announcements
Previous by thread: Re: md5 hashes used in security announcements
Index(es):
- Date
- Thread