Okay, okay,

 It was late, and perhaps I should have paid more attention to what I
was writing before I hit the send button. Last time I go shooting off my
mouth in this group :)

 MD5 checksumming takes a file and generates a 128-bit "fingerprint" by
applying the MD5 algorithm for x rounds (I think it's 20 on my FreeBSD
box). I was in error to blithely say you could simply hedge a given file
after you've mucked with it to match the MD5 checksum it previously had. 

 I should have said that it's not impossible to take an original binary
file, create a new (trojaned) binary file, and run an
alter/sum...alter/sum type of brute force round on the new one until you
get it to match the original, just as Todd Bennett was suggesting. Yes,
that's a lot of possibilities to cover, but it's not impossible.

 I did not mean to suggest that MD5 was an insecure algorithm. My point
was simply that if you're going for the maximum paranoia value,
searching the available space for one checksum match is much more likely
to succeed than matching two different sums. 

Jeff Duffy
[EMAIL PROTECTED]
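
An added illustration, not part of the original message: the alter/sum search run against digests truncated to a toy size, counting the attempts needed to match one sum versus two. The 8-bit truncation, the choice of SHA-256 as the second sum, the sample byte strings and all function names are assumptions made for this example.

```python
import hashlib

def prefix(algo: str, data: bytes, bits: int) -> int:
    """Top `bits` bits of the digest, standing in for a very short checksum."""
    digest = hashlib.new(algo, data).digest()
    return int.from_bytes(digest, "big") >> (len(digest) * 8 - bits)

def attempts_to_match(original: bytes, altered: bytes, algos, bits: int,
                      limit: int = 5_000_000):
    """Append a counter to `altered` until every truncated digest in `algos`
    equals that of `original`. Returns (attempts, candidate), or
    (limit, None) if nothing matched within `limit` tries."""
    targets = [prefix(a, original, bits) for a in algos]
    for n in range(1, limit + 1):
        candidate = altered + n.to_bytes(8, "big")
        if all(prefix(a, candidate, bits) == t for a, t in zip(algos, targets)):
            return n, candidate
    return limit, None

# Constructed sample inputs, not real binaries.
ORIGINAL = b"constructed sample: original file contents"
ALTERED = b"constructed sample: modified file contents"
BITS = 8  # toy size; a full MD5 sum is 128 bits, so the same search
          # would need on the order of 2**128 attempts

def compare(bits: int = BITS):
    """Attempts needed to match one truncated sum, then two at once."""
    one, _ = attempts_to_match(ORIGINAL, ALTERED, ["md5"], bits)
    two, _ = attempts_to_match(ORIGINAL, ALTERED, ["md5", "sha256"], bits)
    return one, two

if __name__ == "__main__":
    one, two = compare()
    print(f"{BITS}-bit MD5 prefix only: {one} attempts "
          f"(expected about {2 ** BITS})")
    print(f"{BITS}-bit MD5 and SHA-256 prefixes: {two} attempts "
          f"(expected about {2 ** (2 * BITS)})")
```

Each extra bit of checksum doubles the expected number of attempts, which is why the search is quick at 8 bits and out of reach at 128, and why recording a second, independent sum multiplies the work rather than adding to it.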