Marcin Owsiany wrote: > > It (generating good and bad package with colliding sum) is actually > easier than one might think. The reason is that you can embed any kind > of binary blob inside an executable and make the executable behavior > dependent on the "version" of the blob.
I retract what I said then. It looks much easier to do it now than when the first collision was discovered. > > This is shown here for example: > http://www.mscs.dal.ca/~selinger/md5collision/ > It was explained nicely in the "two PostScript files with identical MD5 > hash" demo, but I cannot find it now. > Cheers, -- Raphael Geissert - Debian Maintainer www.debian.org - get.debian.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
