I think I was confusing it with something almost entirely different,
sorry :) Something about padding out to the next greatest prime.
Maybe involving the tar format.
ben
On 6/26/07, Bob Miller <[EMAIL PROTECTED]> wrote:
Ben Barrett wrote:
> At *least* compare the ISO's against the public checksums (and file
> sizes -- MD5 is exploitable such that files can be padded to longer
> lengths to match a checksum, IIRC).
> If someone can match the size *and* MD5 on some arbitrary ubuntu ISO
> release,
> then I think they either deserve to be successful -- or have their
> methods published!!!
It's easy to make an ISO shorter -- just leave out a couple of obscure
packages. Then pad it out to the original length.
But my recollection of the md5 hacks of a couple of years ago is that
a technique was not known to match an arbitrary checksum, but that it
was possible to generate two plaintexts with the same checksum, with
little control over the content of either.
Of course, I may have missed a more recent development.
--
Bob Miller K<bob>
[EMAIL PROTECTED]
_______________________________________________
EUGLUG mailing list
[email protected]
http://www.euglug.org/mailman/listinfo/euglug
_______________________________________________
EUGLUG mailing list
[email protected]
http://www.euglug.org/mailman/listinfo/euglug
