On Saturday 08 April 2006 00:28, Arthur de Jong wrote: [... md5 collisions on monikar hashes used in tally sheet ...] I'd vote for the pragmatic line of thought here. (i) md5 hash collisions, while apparently much more likely than originally asusmed, are still extremely improbable. Especially since the moniker is a quite restricted data format, so you've got much less freedom than in, say, an X.509 certificate where you can include megabytes of random junk to get the md5 you're attacking. (ii) if I understand you correctly, this attack would have to carried out by/in cooperation with the secretary. It's one of those 'I don't trust my sysadmin' style problems, you just can't solve it. If Debian really had a problem in this areay, there wouldn't be any need for an md5 collision to rig an vote, I bet. -- vbi -- To create encryption keys, RSA uses two huge prime numbers and multiplies them together to produce an even bigger prime. -- Sandeep Junnarkar at news.com
Attachment:
pgpHFKTYy8p5W.pgp
Description: PGP signature