* Henrique de Moraes Holschuh:

>> Size information doesn't buy you that much.
>
> When we are talking about a binary blob that matches the *same* md5sum? Yes,
> it does. Causing an MD5 collision with a message of the same size is far more
> difficult.

Oh, in this case, please show us a collision of two messages of 641 and 642
bytes. 8-)

AFAIK, the currently published attacks do not work well against the final
block with padding, so it's still not possible to change the length.

>> > AND the fact that it needs to be a valid .deb archive, they are
>> > probably more than strong enough.
>>
>> That, and the "evil twin" package would have to be prepared by the
>> security team as well, which isn't a relevant scenario (because they
>
> Would it?

With the currently published attacks, yes. If significantly better attacks
appear, they might also apply to message digests in the same family, so this
is only a slightly convincing argument for replacing MD5 with SHA-1 (or even
SHA-256).

Actually, there isn't much Debian can do, other than to wait. We don't share
many of the problems because our protocols are proprietary, and we've got a
working software distribution process to end users. Lots of other stuff
(especially in the IETF context, think appliances) needs to preserve
interoperability with other people's code, or can't be field-upgraded.

