On 2009-09-04, Stefan Bodewig <bode...@apache.org> wrote: > On 2009-09-03, Bram Neijt <bne...@gmail.com> wrote:
>> You are correct, a well funded bad-guy would be able to do so creating a >> hash collision on MD5 or any other kind of verification method you can >> muster. A really well-funded bad-guy would be better off becoming a >> dictator, and taking control of most of the countries DNS servers. > Maybe. But the amount of funds required is very different. If MD5 was > the only checksum I'm pretty sure my notebook would be able to create a > zip or tar with matching checksums in a few hours. Here I am clearly wrong, sorry. My notebook should be able to find MD5 collisions within a few minutes <http://eprint.iacr.org/2006/105.pdf> but going from there to creating an archive with malicious content and matching a given MD5 checksum would be a whole lot more difficult and take way longer - still not out of reach of a really well-funded bad-guy, though. Note that I can append some bytes of random junk to ZIPs and TARs without changing their contents, so this gives me some freedom to create colliding archives, but it will still take much longer than "a few hours". The report I had in the back of my mind when I wrote the paragraph above <http://www.win.tue.nl/hashclash/SoftIntCodeSign/> requires the attacker to be able to modify the "good" archive before the checksum is created - which in general is not the case in the way dynmirror works. Stefan --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@ant.apache.org For additional commands, e-mail: dev-h...@ant.apache.org
