The Pointlessness of the MD5 "attacks"
Ben Laurie
ben at algroup.co.uk
Tue Dec 14 18:21:13 EST 2004
Adam Back wrote:
> I thought the usual attack posited when one can find a collision on a
> source checksum is to make the desired change to source, then tinker
> with something less obvious and more malleable like lsbits of a UI
> image file until you find your collision on two input source packages.
Quite so, but the "desired change to source" is either not visible, or
suspicious. If it's not visible, then just make it malicious. And if
it's suspicious then it shouldn't be run.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list