Dailydave mailing list archives
Re: I love PKI :) (was Some Propaganda.)
From: "Danny Quist" <dannyquist () gmail com>
Date: Fri, 17 Nov 2006 18:30:02 -0700
It is possible to create collision files, however it is not possible to make them look like you want. In other words you couldn't create a piece of software that had that collision, you could only create another random bit of data with that same checksum. This would mean that the signature verification method would still keep the code safe. Danny On 11/16/06, ergosum <ergosum () neurosecurity com> wrote:
Not only the implementation might be flawed, but the algorithm itself can be flawed. Just remember the recent md5 collisions (http://www.stachliu.com/research_collisions.html) (which btw permited the creation of custom binaries with the same signature as the original non modified bin) or sha0 and sha1 ( http://www.cryptography.com/cnews/hash.html) collisions.
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Some Propaganda. Piotr Bania (Nov 14)
- Re: Some Propaganda. Arun Koshy (Nov 14)
- Re: Some Propaganda. Joanna Rutkowska (Nov 15)
- Re: Some Propaganda. Halvar Flake (Nov 15)
- Re: Some Propaganda. dan (Nov 15)
- I love PKI :) (was Some Propaganda.) Joanna Rutkowska (Nov 16)
- Re: I love PKI :) (was Some Propaganda.) ergosum (Nov 17)
- Re: I love PKI :) (was Some Propaganda.) Danny Quist (Nov 19)
- <Possible follow-ups>
- Re: Some Propaganda. Piotr Bania (Nov 15)
- Re: Some Propaganda. Piotr Bania (Nov 15)
- Some Propaganda. Piotr Bania (Nov 15)
- Re: Some Propaganda. Marek Bialoglowy (Nov 16)