On Saturday 08 April 2006 00:28, Arthur de Jong wrote:
[... md5 collisions on monikar hashes used in tally sheet ...]
I'd vote for the pragmatic line of thought here.
(i) md5 hash collisions, while apparently much more likely than originally
asusmed, are still extremely improbable. Especially since the moniker is a
quite restricted data format, so you've got much less freedom than in, say,
an X.509 certificate where you can include megabytes of random junk to get
the md5 you're attacking.
(ii) if I understand you correctly, this attack would have to carried out
by/in cooperation with the secretary. It's one of those 'I don't trust my
sysadmin' style problems, you just can't solve it. If Debian really had a
problem in this areay, there wouldn't be any need for an md5 collision to
rig an vote, I bet.
-- vbi
--
To create encryption keys, RSA uses two huge prime numbers and multiplies
them together to produce an even bigger prime.
-- Sandeep Junnarkar at news.com
Attachment:
pgpHFKTYy8p5W.pgp
Description: PGP signature