* Philipp Kern <pk...@debian.org>, 2015-08-06, 21:31:
>>The purpose of adding garbage could be to make a modified tarball match the signature.
>Which is why we also supply the length.

I thought the idea was to create a smaller malicious tarball, then append "garbage" until the size and the hash match.

But let's go back to reality:

If the decompressor ignores trailing garbage, then it's slightly easier to perform a chosen-prefix collision attack for tarballs[0]. You don't have to worry about the compressor's CRCs or where to hide collision blocks from the sight of an attentive code reviewer.


[0] https://lists.debian.org/20140913162408.ga6...@jwilk.net

--
Jakub Wilk


Archive: https://lists.debian.org/20150806210953.ga9...@jwilk.net
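The following is an added example, not code from this thread or from any Debian tool, illustrating the point above about decompressors that ignore trailing garbage. It builds a small .tar.gz in memory (constructed sample input), appends bytes after the gzip trailer, and compares what a lenient decompressor (first member only, rest dropped) and a strict one (nothing allowed after the member) make of it. It also reads the member's own CRC32/ISIZE trailer to show that those checks cover only the uncompressed payload, so bytes placed after the trailer are never covered by the compressor's CRC, while a (size, hash) check over the whole file does notice them. The function and variable names are mine.

```python
"""Trailing garbage after a gzip member: lenient vs. strict decompression.

Added example, not from the debian-devel thread or any Debian tool.
"""
import gzip
import hashlib
import io
import struct
import tarfile
import zlib

GZIP_WBITS = 16 + zlib.MAX_WBITS  # tell zlib to expect a gzip wrapper


def make_tar_gz(files):
    """Build an in-memory .tar.gz from a {name: bytes} mapping (constructed input)."""
    raw = io.BytesIO()
    with tarfile.open(fileobj=raw, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return gzip.compress(raw.getvalue())


def decompress_lenient(blob):
    """Decompress the first gzip member and silently drop whatever follows.

    Mimics a decompressor that ignores trailing garbage. Returns the payload
    and the number of trailing bytes that were ignored.
    """
    d = zlib.decompressobj(wbits=GZIP_WBITS)
    payload = d.decompress(blob) + d.flush()
    return payload, len(d.unused_data)


def decompress_strict(blob):
    """Accept the blob only if every byte belongs to one well-formed gzip member."""
    d = zlib.decompressobj(wbits=GZIP_WBITS)
    payload = d.decompress(blob) + d.flush()
    if not d.eof:
        raise ValueError("truncated gzip stream")
    if d.unused_data:
        raise ValueError(f"{len(d.unused_data)} trailing byte(s) after gzip member")
    return payload


def strict_rejects(blob):
    """True if the strict decompressor refuses the blob."""
    try:
        decompress_strict(blob)
    except ValueError:
        return True
    return False


def member_trailer(blob):
    """Return (CRC32, ISIZE) from the 8-byte trailer of the first gzip member."""
    d = zlib.decompressobj(wbits=GZIP_WBITS)
    d.decompress(blob)
    end = len(blob) - len(d.unused_data)  # first byte after the member
    return struct.unpack("<II", blob[end - 8:end])


def compare(garbage=b"<-- room for collision blocks -->"):
    """Original vs. original + trailing garbage, as the two decompressors see it."""
    original = make_tar_gz({"hello.txt": b"hello world\n"})
    tampered = original + garbage

    content_orig, ignored_orig = decompress_lenient(original)
    content_tamp, ignored_tamp = decompress_lenient(tampered)
    crc, isize = member_trailer(tampered)
    return {
        "same_content": content_orig == content_tamp,
        "ignored_bytes": (ignored_orig, ignored_tamp),
        # the member's CRC32/ISIZE cover the payload only, never the tail
        "crc_still_valid": crc == (zlib.crc32(content_tamp) & 0xFFFFFFFF),
        "isize_still_valid": isize == len(content_tamp),
        # what a (size, hash) check over the whole file notices
        "size_differs_by": len(tampered) - len(original),
        "sha256_differs": hashlib.sha256(original).hexdigest()
        != hashlib.sha256(tampered).hexdigest(),
        "strict_rejects_tampered": strict_rejects(tampered),
        "strict_accepts_original": not strict_rejects(original),
    }


if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key}: {value}")
```

Two caveats on the strict variant: it also refuses a legitimate second gzip member, which multi-member-aware tools would concatenate, so trailing data that happens to start with the gzip magic (1f 8b) is handled differently by "ignore garbage" and "concatenate members" decompressors; and it only tells you that something follows the member, which is the point here: a file-level size and hash, not the gzip CRC, is what binds those bytes.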