|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Tony (missing_at_nts.umd.edu)
Date: Mon Oct 14 2002 - 16:04:37 CDT
Dave Aitel wrote:
>
> On Mon, 2002-10-14 at 14:40, Dan Kaminsky wrote:
>
>
>>>
>>>
>>
>>For remotely computed data / hashes, you can't -- thus the folly of
>>trusting MD5 hashes on critical files downloaded off of untrusted
>>servers. If somebody can modify the tarball, they can probably modify
>>the hash too.
>
>
> Well, not always, if there is a semi-trusted third party or two - see
> http://www.immunitysec.com/hashdb.html for one implementation of this
> sort of thing.
>
speaking of which ...
Does anyone have a reference/link to any well known md5 vulnerabilities.
I remeber reading something about them awhile back but couldn't google
up anything. Also , are there any arguements *against* using md5? Should
persons be using sha1 instead ?
-------------------------------------------------
Tony Link NTS/OIT/UMD
5D70 FB9D 075D 5316 13F0 75C2 5963 9574 6F65 C094
301.405.2988 nts.umd.edu/~missing/pgp
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]