[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: use of md5sum for tally sheet

On Saturday 08 April 2006 00:28, Arthur de Jong wrote:
[... md5 collisions on monikar hashes used in tally sheet ...]

I'd vote for the pragmatic line of thought here.

 (i) md5 hash collisions, while apparently much more likely than originally 
asusmed, are still extremely improbable.  Especially since the moniker is a 
quite restricted data format, so you've got much less freedom than in, say, 
an X.509 certificate where you can include megabytes of random junk to get 
the md5 you're attacking.
 (ii) if I understand you correctly, this attack would have to carried out 
by/in cooperation with the secretary.  It's one of those 'I don't trust my 
sysadmin' style problems, you just can't solve it.  If Debian really had a 
problem in this areay, there wouldn't be any need for an md5 collision to 
rig an vote, I bet.

-- vbi

To create encryption keys, RSA uses two huge prime numbers and multiplies
them together to produce an even bigger prime.
        -- Sandeep Junnarkar at news.com

Attachment: pgpHFKTYy8p5W.pgp
Description: PGP signature

Reply to: