Date: Thu, 26 Aug 2004 14:35:33 +0100 (BST) From: Jan Grant <Jan.Grant@bristol.ac.uk> To: Mike Tancsa <mike@sentex.net> Cc: freebsd-security@freebsd.org Subject: Re: Report of collision-generation with MD5 Message-ID: <Pine.GSO.4.61.0408261433110.17591@mail.ilrt.bris.ac.uk> In-Reply-To: <6.1.2.0.0.20040818141732.04a6e060@64.7.153.2> References: <200408181724.i7IHORYl013375@bunrab.catwhisker.org> <6.1.2.0.0.20040818141732.04a6e060@64.7.153.2>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 18 Aug 2004, Mike Tancsa wrote: > If someone can pad an archive to come > up with the same MD5 hash, this would challenge the security of the FreeBSD > ports system no ? You are correct. However, that is not what the paper is demonstrating. It's showing how to find two separate strings that you can tack on the end of a arbitrary file (the strings are parameterised by file contents) and the resulting MD5 hashes of both new files will be the same. They will not be the same as that of the original file. -- jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/ Tel +44(0)117 9287088 Fax +44 (0)117 9287112 http://ioctl.org/jan/ That which does not kill us goes straight to our thighs.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.GSO.4.61.0408261433110.17591>