On Sun, Jan 27, 2013 at 9:12 PM, Nicolás Alvarez <[email protected]> wrote:
> 2013/1/27, Jeffrey Walton <[email protected]>:
>> ...
>
> Chosen prefix attacks don't help you attack this. You don't get to
> append data to the legitimate executable. The legitimate file is
> immutable, you have to create a second malicious file with the same
> hash.

Here's the original paper: https://documents.epfl.ch/users/l/le/lenstra/public/papers/lat.pdf.
> ...
>
> I see nothing insecure in the way BOINC does file-signing. The main
> problem is in the human side, such as projects not protecting their
> private key enough.

No comment :)

Jeff
_______________________________________________
boinc_dev mailing list
[email protected]
http://lists.ssl.berkeley.edu/mailman/listinfo/boinc_dev
