[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Gnu-arch-users] Re: MD5 is broken
From: |
Karel Gardas |
Subject: |
Re: [Gnu-arch-users] Re: MD5 is broken |
Date: |
Wed, 16 Mar 2005 11:51:10 +0100 (CET) |
On Wed, 16 Mar 2005, Peter Conrad wrote:
> Hi,
>
> On Wed, Mar 16, 2005 at 12:26:30PM +0600, Ivan Boldyrev wrote:
> >
> > Tom Lord merges sexy patch. Even if he will re-sign patch,
> > MD5 sum in ./checksum will be same because *.patches.tar.gz is same.
>
> this is wrong. If Tom merges your patch, he will automatically create
> additional log entries in his own branch. This (among other things, like
> changed timestamps) will lead to a file with a different MD5 sum.
I'm afraid the whole message is a bit different: hack the mirror, hack the
patch while keeping MD5 intack and let your attack to software X spread
thorough the world.
I've just now looked at tla and baz and found that at least mirror on:
http://bazaar.canonical.com/archives/address@hidden/ uses also
SHA-1 hashes. Since SHA-1 is also considered weak these days, this
does not add that much security, but certainly at least something
before arch move to some more secure hash implementation.
Cheers,
Karel
--
Karel Gardas address@hidden
ObjectSecurity Ltd. http://www.objectsecurity.com
- Re: [Gnu-arch-users] Re: MD5 is broken, (continued)
- Re: [Gnu-arch-users] Re: MD5 is broken, Andrew Suffield, 2005/03/16
- Re: [Gnu-arch-users] Re: MD5 is broken, Karel Gardas, 2005/03/16
- Re: [Gnu-arch-users] Re: MD5 is broken, Jan Hudec, 2005/03/16
- Re: [Gnu-arch-users] Re: MD5 is broken, Tom Lord, 2005/03/16
- Re: [Gnu-arch-users] Re: MD5 is broken, Karel Gardas, 2005/03/16
- Re: [Gnu-arch-users] Re: MD5 is broken, Tom Lord, 2005/03/16
- Re: [Gnu-arch-users] Re: MD5 is broken, Matthew Dempsky, 2005/03/16
- Re: [Gnu-arch-users] Re: MD5 is broken, Andrew Suffield, 2005/03/16
- Re: [Gnu-arch-users] Re: MD5 is broken, Karel Gardas, 2005/03/16
- Re: [Gnu-arch-users] Re: MD5 is broken, Peter Conrad, 2005/03/16
- Re: [Gnu-arch-users] Re: MD5 is broken,
Karel Gardas <=
- Re: [Gnu-arch-users] Re: MD5 is broken, Peter Conrad, 2005/03/16
- Re: [Gnu-arch-users] Re: MD5 is broken, Karel Gardas, 2005/03/16
- Re: [Gnu-arch-users] Re: MD5 is broken, Jason McCarty, 2005/03/16
- [Gnu-arch-users] Re: MD5 is broken, Matthieu Moy, 2005/03/16
- Re: [Gnu-arch-users] Re: MD5 is broken, Adrian Irving-Beer, 2005/03/16
- Re: [Gnu-arch-users] Re: MD5 is broken, John Arbash Meinel, 2005/03/16
- Re: [Gnu-arch-users] Re: MD5 is broken, Adrian Irving-Beer, 2005/03/16
- Re: [Gnu-arch-users] Re: MD5 is broken, John Arbash Meinel, 2005/03/16
- Re: [Gnu-arch-users] Re: MD5 is broken, Aaron Bentley, 2005/03/16
- Re: [Gnu-arch-users] Re: MD5 is broken, John Arbash Meinel, 2005/03/16