Dailydave mailing list archives

Re: I love PKI :) (was Some Propaganda.)

From: "Danny Quist" <dannyquist () gmail com>
Date: Fri, 17 Nov 2006 18:30:02 -0700

It is possible to create collision files, however it is not possible to make
them look like you want.  In other words you couldn't create a piece of
software that had that collision, you could only create another random bit
of data with that same checksum.  This would mean that the signature
verification method would still keep the code safe.

Danny

On 11/16/06, ergosum <ergosum () neurosecurity com> wrote:



Not only the implementation might be flawed, but the algorithm itself can
be
flawed. Just remember the recent md5 collisions
(http://www.stachliu.com/research_collisions.html) (which btw permited the
creation of custom binaries with the same signature as the original non
modified bin) or sha0 and sha1 (
http://www.cryptography.com/cnews/hash.html)
collisions.

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

Current thread:

Some Propaganda. Piotr Bania (Nov 14)
- Re: Some Propaganda. Arun Koshy (Nov 14)
- Re: Some Propaganda. Joanna Rutkowska (Nov 15)
  - Re: Some Propaganda. Halvar Flake (Nov 15)
  - Re: Some Propaganda. dan (Nov 15)
    - I love PKI :) (was Some Propaganda.) Joanna Rutkowska (Nov 16)
    - Re: I love PKI :) (was Some Propaganda.) ergosum (Nov 17)
    - Re: I love PKI :) (was Some Propaganda.) Danny Quist (Nov 19)
- <Possible follow-ups>
- Re: Some Propaganda. Piotr Bania (Nov 15)
- Re: Some Propaganda. Piotr Bania (Nov 15)
- Some Propaganda. Piotr Bania (Nov 15)
- Re: Some Propaganda. Marek Bialoglowy (Nov 16)