[Cryptography] Kali Linux security is a joke!
ryacko at gmail.com
Mon Mar 23 01:27:19 EDT 2015
> Use of MD5 is indeed a big --- and totally unnecessary --- risk. While you
> are correct that a collision attack requires some ability to modify the
> original file, that is hardly an insurmountable obstacle. All an attacker
> has to do is inject some random bits in the target, say by modifying an
> included icon. A member of the team could be a mole or suborned by bribery
> or blackmail. Or malware could modify the tool chain in a way that injects
> the required bits at the last minute. While such ability would allow other
> attacks, there are many reasons why an attacker might want hacked and clean
> versions of the same program.
For software fingerprints, fuzzy hashes are better.
And it depends on whether you're using a whitelist or a blacklist or both.
Antiviruses, the automatic scanners that Gmail and other providers use, are
all blacklists. A typical hash is bad: change a few bits, and you'll be clear.
For a white list, collisions are worse as you can trick an authority into
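
Added example (not part of the original post): the blacklist point above, shown as an exact SHA-256 match next to a similarity match on the same samples. The bottom-k MinHash sketch is a stand-in for a fuzzy hash, not ssdeep or any scanner's algorithm; every name, the 0.8 threshold and the sample data are constructed for illustration.

```python
import hashlib

SHINGLE = 8   # bytes per overlapping window
SKETCH = 128  # smallest window hashes kept as the fingerprint

def exact_digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def fuzzy_sketch(data: bytes) -> frozenset:
    """Bottom-k MinHash: the SKETCH smallest 64-bit hashes of all byte windows."""
    hashes = {
        int.from_bytes(hashlib.blake2b(data[i:i + SHINGLE], digest_size=8).digest(), "big")
        for i in range(len(data) - SHINGLE + 1)
    }
    return frozenset(sorted(hashes)[:SKETCH])

def similarity(a: frozenset, b: frozenset) -> float:
    """Estimate the Jaccard similarity of two inputs from their sketches."""
    lowest = sorted(a | b)[:SKETCH]
    if not lowest:
        return 0.0  # inputs shorter than one window carry no signal
    return sum(1 for h in lowest if h in a and h in b) / len(lowest)

def blacklist_verdicts(sample: bytes, known_bad: bytes, threshold: float = 0.8):
    """Return (exact-hash hit, fuzzy hit, similarity score) for one sample."""
    score = similarity(fuzzy_sketch(sample), fuzzy_sketch(known_bad))
    return exact_digest(sample) == exact_digest(known_bad), score >= threshold, score

def constructed_blob(label: bytes, size: int = 4096) -> bytes:
    """Deterministic pseudo-random bytes standing in for a file (constructed data)."""
    return b"".join(hashlib.sha256(label + bytes([i])).digest() for i in range(size // 32))

KNOWN_BAD = constructed_blob(b"listed-sample")   # the blacklisted file
UNRELATED = constructed_blob(b"other-file")      # a file that should not match
PATCHED = bytearray(KNOWN_BAD)
for offset in (100, 2000, 4000):                 # "change a few bits"
    PATCHED[offset] ^= 0x01
PATCHED = bytes(PATCHED)

if __name__ == "__main__":
    for name, blob in (("identical", KNOWN_BAD), ("patched", PATCHED), ("unrelated", UNRELATED)):
        exact, fuzzy, score = blacklist_verdicts(blob, KNOWN_BAD)
        print(f"{name:10} exact={exact!s:5} fuzzy={fuzzy!s:5} score={score:.2f}")
```

The exact-hash column only flags the byte-identical copy, while the similarity column still flags the three-bit variant and leaves the unrelated file alone.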