MD5 and SHA cracked/broken...
David Bolen
db3l at fitlinxx.com
Thu Sep 16 11:12:03 EDT 2004
Paul Rubin <http://phr.cx@NOSPAM.invalid> writes:
> You don't need preimages to plant a trojan. If you can create mere
> collisions, you can create two files, one with a trojan and one
> without a trojan, that have the same md5sum. You publish the
> non-trojan one, people inspect it carefully and start using it, and
> download sites say that its md5sum should be so-and-so. Now you can
> replace the non-trojan file with the trojan version and the md5sum
> will still verify.

But why bother? Clearly in this case I'm in control of the md5sum's
publication (since I'm formulating both files to match), so why
wouldn't I just publish the trojan one in the first place with an MD5
that matches the trojan? Any user of my package is already trusting
that any MD5 I publish is in fact for a proper file, so they are in
effect already trusting me.

I'd be more concerned that another party (other than myself) was able
to insert a different file that matched my original MD5 that I had
published. It sounds like this exploit doesn't impact that ability at
this point.

-- David
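
Added example, not part of the original message or thread: the two properties being contrasted above (a collision, where one party chooses both files, versus a second preimage, where a file must match a digest someone else already published) measured on a toy hash. The 16-bit truncation of MD5, the function names and the sample byte strings are assumptions made so the searches finish quickly; they say nothing about the cost against full 128-bit MD5.

```python
import hashlib
from itertools import count

BITS = 16  # toy digest size (assumption for the demo); real MD5 is 128 bits

def toy_digest(data: bytes) -> int:
    """MD5 truncated to its first BITS bits, so both searches finish quickly."""
    return int.from_bytes(hashlib.md5(data).digest()[:4], "big") >> (32 - BITS)

def find_collision(prefix: bytes):
    """The searcher chooses BOTH messages: any two inputs sharing a digest count."""
    seen = {}  # digest -> first message that produced it
    for tries in count(1):
        msg = prefix + str(tries).encode()
        d = toy_digest(msg)
        if d in seen:
            return seen[d], msg, tries
        seen[d] = msg

def find_second_preimage(published: bytes, prefix: bytes):
    """The searcher must match the digest of a file that is already fixed."""
    target = toy_digest(published)
    for tries in count(1):
        msg = prefix + str(tries).encode()
        if msg != published and toy_digest(msg) == target:
            return msg, tries

if __name__ == "__main__":
    # All inputs below are constructed sample data.
    a, b, n_coll = find_collision(b"constructed-file-")
    published = b"constructed release tarball contents"
    forged, n_pre = find_second_preimage(published, b"constructed-file-")
    print(f"collision after {n_coll} digests (birthday bound is about 2^{BITS // 2})")
    print(f"second preimage after {n_pre} digests (expected about 2^{BITS})")
```

The collision search is guaranteed to stop within 2^16 + 1 digests and typically needs a few hundred, while the second-preimage search has an expected cost of about 2^16 digests; a weakness that lowers only the first number leaves the second unchanged.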