[Dailydave] I love PKI :) (was Some Propaganda.)
Danny Quist
dannyquist at gmail.com
Sat Nov 18 01:30:02 Local tim 2006
It is possible to create collision files; however, it is not possible to make
them look like you want. In other words, you couldn't create a piece of
software that had that collision; you could only create another random bit
of data with that same checksum. This would mean that the signature
verification method would still keep the code safe.
Danny
On 11/16/06, ergosum <ergosum at neurosecurity.com> wrote:
>
>
> Not only the implementation might be flawed, but the algorithm itself can be
> flawed. Just remember the recent md5 collisions
> (http://www.stachliu.com/research_collisions.html) (which btw permitted the
> creation of custom binaries with the same signature as the original
> non-modified bin) or sha0 and sha1
> (http://www.cryptography.com/cnews/hash.html) collisions.
>
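
The two properties this exchange contrasts, finding any two inputs that share a hash versus matching the hash of one fixed, already-signed input, differ in search cost. The sketch below is an added example, not part of either message; it measures both against a toy hash (MD5 truncated to a few bits, an assumption made so the searches finish quickly), and all message contents are constructed.

```python
import hashlib
from itertools import count


def toy_hash(data: bytes, bits: int) -> int:
    """Top `bits` bits of MD5: a deliberately weakened stand-in hash."""
    digest = hashlib.md5(data, usedforsecurity=False).digest()
    return int.from_bytes(digest, "big") >> (128 - bits)


def find_collision(bits: int):
    """Searcher chooses BOTH inputs: birthday search, about 2**(bits/2) tries."""
    seen = {}
    for i in count():
        msg = b"blob-%d" % i              # constructed candidate input
        h = toy_hash(msg, bits)
        if h in seen:                     # an earlier candidate had this hash
            return seen[h], msg, i + 1
        seen[h] = msg


def find_second_preimage(target: bytes, bits: int, max_tries: int):
    """One input is fixed (e.g. a file already signed): about 2**bits tries."""
    want = toy_hash(target, bits)
    for i in range(max_tries):
        msg = b"blob-%d" % i
        if msg != target and toy_hash(msg, bits) == want:
            return msg, i + 1
    return None, max_tries                # budget exhausted without a match


if __name__ == "__main__":
    BITS = 20
    a, b, n = find_collision(BITS)
    print(f"collision       : {a!r} / {b!r} after {n} tries")
    fixed = b"signed-release-1.0"         # constructed stand-in for a signed file
    m, t = find_second_preimage(fixed, BITS, 1 << 24)
    print(f"second preimage : {m!r} after {t} tries")
```

With a full-width hash the same gap holds at scale: a signature over a hash binds only the digest, so what the scheme withstands depends on which of the two searches an adversary actually has to win.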