2008/10/27 Mark Allums <[EMAIL PROTECTED]>:
>> On 2008-10-27 08:24 +0100, David Baron wrote:
>>
>>> The newest debsums from Sid can do a daily check for md5 disagreement.
>>> Useful for security?
>> [...]
> MD5s are not useful for security purposes any more. They are too easy to
> duplicate with a malicious file. There are demonstrations of this out
> there; one guy produced two different valid PDFs with the same MD5.
To be fair, it is easier to produce two files having the same checksum than to create a second file having a fixed checksum. But sure, MD5 should be considered broken.

And as Sven pointed out, if the checksums are stored on the same machine, the fact that things seem to verify could be because the attacker has replaced the checksum. This scheme is broken for any hash function, not only MD5 and others that are broken.

The same argument could be applied to any "solution" that uses the possibly tampered-with machine to verify itself. How can you possibly trust the result of such an operation?

Take care,
Martin
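As an added illustration of the self-verification problem discussed above (example code written for this note, not part of the thread or of debsums), the Python below builds a checksum manifest for two constructed sample files, then simulates a party with write access to the host changing one file and rewriting the locally stored manifest to match. The local check reports nothing, while a copy of the manifest kept off the host still catches the change; file names, contents and function names are all made up for the demonstration.

```python
import hashlib
import os
import shutil
import tempfile


def sha256_of(path):
    """Hex SHA-256 of a file, read in chunks (a modern stand-in for the md5sums list)."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root, names):
    """Map each file name to its digest, like a package's stored checksum list."""
    return {n: sha256_of(os.path.join(root, n)) for n in names}


def verify(root, manifest):
    """Return the names whose current digest disagrees with the manifest."""
    return {n for n, d in manifest.items() if sha256_of(os.path.join(root, n)) != d}


def demo():
    root = tempfile.mkdtemp()
    try:
        names = ["bin_a", "bin_b"]  # constructed sample "binaries"
        for n in names:
            with open(os.path.join(root, n), "wb") as f:
                f.write(b"original contents of " + n.encode())
        local_manifest = build_manifest(root, names)  # stored on the same host
        offline_manifest = dict(local_manifest)       # copy kept off-host (e.g. read-only media)

        # Simulated tampering: whoever can rewrite a file on this host can also
        # rewrite the checksum list stored next to it, so the two stay consistent.
        with open(os.path.join(root, "bin_a"), "wb") as f:
            f.write(b"modified contents")
        local_manifest["bin_a"] = sha256_of(os.path.join(root, "bin_a"))

        return {
            "local_check": verify(root, local_manifest),      # empty: looks clean
            "offline_check": verify(root, offline_manifest),  # {"bin_a"}: detected
        }
    finally:
        shutil.rmtree(root)
```

The only reference that can detect the change is the one the host itself could not rewrite, which is the point Martin makes about trusting a machine to verify itself.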