Gunnar Wolf <[email protected]> wrote:
> leorolla said [Thu, Apr 01, 2010 at 06:23:59AM -0700]:
>> For security reasons it could perform a checksum verification to
>> protect the user from a corrupt or virus-infected backup file.
>>
>> So the simple changes in the source would be:
>> * remove the problematic file from the source code
>> * change the source code to
>> -look for a 446-byte file with a specific filename
>> -if absent, produce error message explaining what the user is supposed
>> to do and exit
>> -perform the checksum verification
>> -if fails, produce appropriate error message and exit
>> -copy the file to the mbr
>>
>> (Would it also be a copyright violation to distribute checksums along with
>> the program? In this case, add "look for the presence of a checksum
>> file with a given name etc; if absent, produce an error message
>> telling the user to copy it from a trusted source etc and exit".)
>
> Humm... and given the search space is just giant (and not
> mind-bogglingly huge), you could even add a loop that generates a random
> 446-byte-long content until it matches the md5sum and the sha1sum for
> said file?

The math does not work. The search space is still too unfeasibly large. There are 2^(8*448) different combinations. You will find a collision in md5sum first, though the sun would have burned out long before the loop completed.

Cheers,
Walter Landry
[email protected]
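
The verify-then-copy procedure proposed in the quoted message, as an added example that is not part of the original thread or of any project's code. The filenames are hypothetical, the "disk" is a 512-byte temporary file, and the boot code bytes and their SHA-1 and SHA-256 digests are constructed for the demonstration.

```python
import hashlib
import hmac
import os
import tempfile

BOOT_CODE_LEN = 446  # bytes 446..511 of the sector hold the partition table and 0x55AA signature

class BootCodeError(Exception):
    """The user-supplied boot code must not be installed."""

def install_boot_code(code_path, digests, target_path):
    """Verify code_path against every expected digest, then overwrite only the first 446 bytes."""
    if not digests:
        raise BootCodeError("no expected checksums supplied: refusing to install unverified code")
    if not os.path.isfile(code_path):
        raise BootCodeError(f"{code_path} not found: copy it there from a trusted source")
    with open(code_path, "rb") as f:
        code = f.read(BOOT_CODE_LEN + 1)  # one extra byte exposes oversized files
    if len(code) != BOOT_CODE_LEN:
        raise BootCodeError(f"{code_path} is not exactly {BOOT_CODE_LEN} bytes")
    for algo, expected in digests.items():
        actual = hashlib.new(algo, code).hexdigest()
        if not hmac.compare_digest(actual, expected.lower()):
            raise BootCodeError(f"{algo} checksum mismatch for {code_path}")
    with open(target_path, "r+b") as disk:  # r+b: modify in place, never truncate
        disk.write(code)
    return len(code)

def demo():
    """Exercise the checks on constructed data; the 'disk' is a 512-byte temp file."""
    workdir = tempfile.mkdtemp()
    code_path = os.path.join(workdir, "mbr.bin")    # hypothetical filename
    image_path = os.path.join(workdir, "disk.img")  # stand-in for the real device
    good = (bytes(range(256)) * 2)[:BOOT_CODE_LEN]  # constructed bytes, not real boot code
    tail = b"\x11" * 64 + b"\x55\xaa"               # constructed partition table + signature
    digests = {a: hashlib.new(a, good).hexdigest() for a in ("sha1", "sha256")}
    with open(image_path, "wb") as f:
        f.write(b"\x00" * BOOT_CODE_LEN + tail)
    results = {}
    for name, data in (("corrupt", good[:-1] + b"\xff"), ("short", good[:-1]), ("good", good)):
        with open(code_path, "wb") as f:
            f.write(data)
        try:
            install_boot_code(code_path, digests, image_path)
            results[name] = "installed"
        except BootCodeError:
            results[name] = "rejected"
    with open(image_path, "rb") as f:
        results["tail_preserved"] = f.read() == good + tail
    return results
```

Calling `demo()` shows the corrupt and short files being rejected before anything is written, and the partition table bytes surviving the one successful install.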

