On Wed, Feb 08, 2012 at 11:33:37AM +0100, Bernhard R. Link wrote:
> On the other hand most uncompressors silently ignore unexpected
> data after end of file markers. So the compressed file is even more
> easily tampered with (especially as debsums only stores md5 without
> size and md5 does not include the size in the hash like the sha* do.
> So if one can append arbitrary stuff, it is easy prey).

This is not true. MD5 and the SHA variants are all Merkle-Damgård constructions, which is what makes them vulnerable to length extension attacks if the compression function is not secure. Merkle-Damgård constructions include the number of bits hashed in the hash. But yes, MD5 is vulnerable to length extension attacks.

-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187