I thought the usual attack posited when one can find a collision on a source checksum is to make the desired change to source, then tinker with something less obvious and more malleable like lsbits of a UI image file until you find your collision on two input source packages.
Adam On Tue, Dec 14, 2004 at 10:17:28PM +0000, Ben Laurie wrote: > >>But the only way I can see to exploit this would be to have code that > >>did different things based on the contents of some bitmap. My contention > >>is that if the code is open, then it will be obvious that it does > >>"something bad" if a bit is tweaked, and so will be suspicious, even if > >>the "something bad" is not triggered in the version seen. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]