[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Gnu-arch-users] Re: MD5 is broken
|
From: |
Matthew Dempsky |
|
Subject: |
Re: [Gnu-arch-users] Re: MD5 is broken |
|
Date: |
Wed, 16 Mar 2005 10:03:40 -0600 |
On Wed, 2005-03-16 at 12:39 +0100, Peter Conrad wrote:
> I understood Ivan's scenario like this:
>
> 1. attacker creates Patch-A (harmless) and Patch-B (evil) with identical
> checksums
> 2. attacker submits Patch-A to maintainer
> 3. maintainer integrates Patch-A into software, signing it
This is where your (Ivan's?) scenario is flawed: when the maintainer
integrates patch-A into his archive, he doesn't sign patch-A at all. He
creates a new patch from the changes made by merging patch-A and signs
*that*.
--
Matthew Dempsky <address@hidden>
signature.asc
Description: This is a digitally signed message part
- Re: [Gnu-arch-users] Re: MD5 is broken, (continued)
- Re: [Gnu-arch-users] Re: MD5 is broken, Karel Gardas, 2005/03/16
- Re: [Gnu-arch-users] Re: MD5 is broken, Andrew Suffield, 2005/03/16
- Re: [Gnu-arch-users] Re: MD5 is broken, Karel Gardas, 2005/03/16
- [Gnu-arch-users] Re: MD5 is broken, Andreas Rottmann, 2005/03/16
- Re: [Gnu-arch-users] Re: MD5 is broken, Karel Gardas, 2005/03/16
- Re: [Gnu-arch-users] Re: MD5 is broken, Adrian Irving-Beer, 2005/03/17
- Re: [Gnu-arch-users] Re: MD5 is broken, Jan Hudec, 2005/03/17
- Re: [Gnu-arch-users] Re: MD5 is broken, Tom Lord, 2005/03/21
- Re: [Gnu-arch-users] Re: MD5 is broken, James Blackwell, 2005/03/21
- Re: [Gnu-arch-users] Re: MD5 is broken, Andrew Suffield, 2005/03/17
- Re: [Gnu-arch-users] Re: MD5 is broken,
Matthew Dempsky <=
- Re: [Gnu-arch-users] Re: MD5 is broken, Bruce Stephens, 2005/03/16
- Re: [Gnu-arch-users] Re: MD5 is broken, Jan Hudec, 2005/03/16
- [Gnu-arch-users] Re: MD5 is broken, Ivan Boldyrev, 2005/03/16
- Re: [Gnu-arch-users] Re: MD5 is broken, Bruce Stephens, 2005/03/16
- Re: [Gnu-arch-users] Re: MD5 is broken, Jan Hudec, 2005/03/17