Carlos E. R. wrote:
>
> The Sunday 2007-04-08 at 23:43 -0700, David Brodbeck wrote:
>
> > Ryouga Hibiki wrote:
> >> PS: Unless you know that there's a way to change a package without
> >> modifying the integrity of these (MD5SUM), is that possible?
> > I *think* it's been shown that it's possible to create two different
> > files that have the same MD5 checksum.
>
> Curious!
>
> I was thinking of that the other day while falling asleep. It is obviously
> possible: if it weren't, then we could use the checksum instead of the
> original file as a brutally effective compression technique. There will be
> then several (many?) files of the same size having the same checksum.
>
> > Exploiting this would require
> > creating a *meaningful* file with the same checksum as the original,
> > though, which is much more difficult.
>
> Not knowing the in-depth mathematical analysis of checksums, my educated
> guess is that a checksum protects against the chance corruption of a file
> in transmission, affecting one or many, but not all, of its bytes. It will
> not protect against the deliberate attempt to generate a file of the same
> size and checksum; but generating one such file that is a valid file of
> the same format I imagine could be a herculean task.
>
>
> In the case of the SuSE iso images, the task would be terribly difficult:
> each rpm inside the iso has also checksums, plus a pgp signature.
>
>

Bear in mind an md5sum is only 128 bits. It is impossible for there to be only one file that results in that sum, given that a file can be any size, with any value in each of the bytes. However, it's virtually impossible to change a file so that it has the same md5sum and is still sensible in the intended application. A small change in the original file makes a big change in the md5sum.
-- 
Use OpenOffice.org <http://www.openoffice.org>
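
An added illustration of the two points in the last reply, not part of the original thread: it measures how many of the 128 MD5 bits change when a single input bit is flipped, and uses the pigeonhole argument on a digest cut down to 16 bits so that two different inputs with the same (truncated) sum turn up quickly. The function names, the `file-N` inputs and `SAMPLE` are constructed for this example.

```python
import hashlib

def md5_bits(data: bytes) -> int:
    """MD5 digest of data as a 128-bit integer."""
    return int.from_bytes(hashlib.md5(data).digest(), "big")

def avalanche(data: bytes) -> float:
    """Mean number of digest bits (out of 128) that change
    when exactly one bit of the input is flipped."""
    base = md5_bits(data)
    nbits = len(data) * 8
    changed = 0
    for i in range(nbits):
        flipped = bytearray(data)
        flipped[i // 8] ^= 1 << (i % 8)          # flip a single input bit
        changed += bin(base ^ md5_bits(bytes(flipped))).count("1")
    return changed / nbits

def truncated_collision(bits: int = 16):
    """Return two different inputs whose MD5 sums agree in the first
    `bits` bits. With only 2**bits possible values, 2**bits + 1 distinct
    inputs must contain a repeat (pigeonhole); in practice a repeat shows
    up after roughly 2**(bits/2) tries."""
    seen = {}
    for n in range(2 ** bits + 1):
        msg = b"file-%d" % n                     # constructed inputs
        tag = md5_bits(msg) >> (128 - bits)      # keep only the top bits
        if tag in seen:
            return seen[tag], msg, tag
        seen[tag] = msg
    raise AssertionError("unreachable: pigeonhole guarantees a repeat")

# Constructed sample input standing in for file contents.
SAMPLE = b"constructed sample package contents, not a real rpm\n"

if __name__ == "__main__":
    print("mean bits changed per 1-bit flip: %.1f of 128" % avalanche(SAMPLE))
    a, b, tag = truncated_collision(16)
    print("same first 16 bits (%04x): %r and %r" % (tag, a, b))
    print("full sums:", hashlib.md5(a).hexdigest(), hashlib.md5(b).hexdigest())
```

The two inputs share only the truncated value; their full 128-bit sums differ, which is why chance corruption is caught reliably.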
