[Cryptography] Oracle discovers the 1990s in crypto
Natanael
natanael.l at gmail.com
Sun Jan 22 17:34:18 EST 2017
Den 22 jan 2017 23:27 skrev "John Levine" <johnl at iecc.com>:
But I'm wondering how real the MD5 threat is in practice. Java JAR files
are ZIP files containing a manifest that lists the other files and can
contain signed hashes of the other files. So I can see how I could generate
a collision and replace one of the other files with garbage, which might
crash a poorly debugged Java implmentation. But how likely is it that I
could replace one of the other files with a different Java program?
http://www.mscs.dal.ca/~selinger/md5collision/
>From 2006, and since then there's even been multicollision multifiletype
hash collision generators with GPU acceleration and more.
You can trivially generate valid files with colliding hashes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20170122/e85b63ac/attachment.html>
More information about the cryptography
mailing list