>Well the people doing the checking (a subset of the power users) may say "I checked the source and it has this checksum", and another user may download that checksum and be subject to MITM and not know it.
Or I could mail you the source and you would check it with checksum and compare checksum to web site.
Or somone could just go ahead and change the source without changing the checksum or any of the changlog / cvs change notification stuff and people would not think there is a change to review.
Some of this scenarios will likely work some of the time against users.
You are missing the point - since the only way to make this trick work is to include a very specific chunk of 64 bytes with a few bits flipped (or not), the actual malicious code must be present anyway and triggered by the flipped bits. So, all of these attacks rely on the code not being inspected or being sufficiently cunning that inspection didn't help. And, if that's the case, the attacks work without any MD5 trickery.
Cheers,
Ben.
-- http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff
--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]