Orr Dunkelman wrote:
Blurry indeed. And I'm sure the code exists, but the question is whether one can try it...?http://eprint.iacr.org/2004/199 paper.
The code exist The technique is quite blurry in the 4-page paper...
It's always sad to find out that a security measure fails, but is it time to panic yet? For example, if MD5 is used to hash C code or tarballs, how possible is it to create an alternative, legal C code or tarball with the same MD5?
As for CD ISO images: Is it possible to create, say, 600 MB of any data I want, and then use the rest of the data space (unallocated as far as the CD concerns) to get the MD5 to what I want? This would be a real danger.
My point is: It's quite easy to tell everyone not to use a technique because someone has found some problem with it, but before the mess begins: How real is the threat?
Eli
-- Web: http://www.billauer.co.il
-------------------------------------------------------------------------- Haifa Linux Club Mailing List (http://www.haifux.org) To unsub send an empty message to [EMAIL PROTECTED]
