While I have not kept up, I am not aware of any method of modifying a file
and being able to keep the same MD5 signature. I have seen work that lowers
the number of possible variations by several orders of magnitude, but
nothing that can totally duplicate a MD5 signature. Do you have a URL, an
author, or something that I can do a web search on?
If one were truely parnoid, take a look at the tripwire signatures. It has
md5, snefru, crc32, crc16, md4, md2,sha, and haval. GOOD LUCK in finding
two files that will generate the same signatures for all those algorithms!
On Friday, August 13, 1999 11:09 AM, Jeff Duffy [SMTP:[EMAIL PROTECTED]]
wrote:
> Any checksum program alone is not sufficient to guarantee file
> integrity. While md5 checksumming is indeed a bit more secure than the
> standard *nix sum, there are plenty of cracker kits out there that
> contain tools to modify files in such a way that the md5sum remains the
> same.
>
> Tripwire improves the odds by using md5 summing and SHA hashes in
> conjunction to verify file integrity. You can modify a file so one or
> the other will still match the original sum, but the odds of being able
> to modify and match both are astronomical.
>
> Hope this helps.
>
> Jeff Duffy
> [EMAIL PROTECTED]
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
*****************************************************************************
The information in this email is confidential and may be legally privileged.
It is intended solely for the addressee. Access to this email by anyone else
is unauthorized.
If you are not the intended recipient, any disclosure, copying, distribution
or any action taken or omitted to be taken in reliance on it, is prohibited
and may be unlawful. When addressed to our clients any opinions or advice
contained in this email are subject to the terms and conditions expressed in
the governing KPMG client engagement letter.
*****************************************************************************
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
