[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: MD5 weakness ? [was Re: Netscape Logic Bomb detailed by IETF]
>>As to weaknesses, I seem to remember that someone managed to forge a
>>modification to a program used to observe networks on a Sun so that it
>>had the same MD5 checksum as the official trusted version. But whether
>>this is real is not strictly the issue.
There was a program that forged CRC checksums that came out a couple years back,
letting you create a Trojan Horse and modify it to match Unix "sum" checksums
by adding junk to the end. I'd be extremely surprised if anyone did this
CRCs are invertable, and generally short enough to brute-force as well.
# Thanks; Bill
# Bill Stewart, Freelance Information Architect, [email protected]
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281