severity 454666 normal
thanks

On Thu, Dec 06, 2007, [EMAIL PROTECTED] wrote:

> In particular, it is now computationally feasible for
> a single attacker with a desktop machine to modify any
> executable of his or her choosing to have any desired
> MD5 checksum.

   Ray, Debian is not Slashdot. I urge you to actually read the paper
you are referring to before making such claims. A chosen-prefix attack
certainly does *not* allow one to modify an executable "to have a desired
MD5 checksum".

   Chosen-prefix attacks do allow one to build two different packages
with the same checksum. But until proven otherwise, that requires the
complicity of the Debian maintainer, who is trusted anyway, so you
will need to provide a realistic attack scenario in order for your
bug report to be considered seriously.

Regards,
-- 
Sam.
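
The distinction drawn in the reply above, as an added example that is not part of the original message: a search where both files may be varied until their checksums meet, next to a search that must hit the checksum of one fixed, already existing file. It uses generic brute force on MD5 truncated to 16 bits (an assumption made so it runs in seconds), not the cryptanalytic technique from the paper; the names `toy_md5`, `collide` and `match_fixed` and the sample byte strings are constructed for illustration.

```python
import hashlib
from itertools import count

BITS = 16  # toy digest width (assumption) so both searches finish in seconds

def toy_md5(data: bytes) -> int:
    """MD5 truncated to its first BITS bits; stands in for the full digest."""
    return int.from_bytes(hashlib.md5(data).digest()[:4], "big") >> (32 - BITS)

def collide(prefix_a: bytes, prefix_b: bytes):
    """Both files are under the searcher's control: vary a suffix on each
    until any two truncated digests meet (birthday search)."""
    seen_a, seen_b = {}, {}
    for i in count():
        a = prefix_a + b"#%d" % i
        b = prefix_b + b"#%d" % i
        da, db = toy_md5(a), toy_md5(b)
        seen_a[da] = a
        seen_b[db] = b
        if da in seen_b:
            return a, seen_b[da], 2 * (i + 1)
        if db in seen_a:
            return seen_a[db], b, 2 * (i + 1)

def match_fixed(target: bytes, prefix_b: bytes):
    """The target file already exists and cannot be changed: only one side
    varies, so the search must hit one specific digest."""
    want = toy_md5(target)
    for i in count():
        b = prefix_b + b"#%d" % i
        if toy_md5(b) == want:
            return b, i + 1

if __name__ == "__main__":
    # Constructed sample inputs, not real packages.
    a, b, n_pair = collide(b"constructed package A", b"constructed package B")
    print("pair found after", n_pair, "hashes:", toy_md5(a) == toy_md5(b))
    fixed = b"constructed released package"
    m, n_fixed = match_fixed(fixed, b"constructed package B")
    print("fixed target matched after", n_fixed, "hashes")
```

On a 16-bit digest the pair search typically needs a few hundred hashes while the fixed-target search needs on the order of 2^16; the gap widens with digest length.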


