On Thu, Mar 29, 2001 at 11:19:24AM -0800, Pat Moffitt wrote: > It is more than possible. There are people that have figured out how to pad > a file to make the checksums the same. They don't have to worry about the > fact that your checksums cannot be changed because they will fake theirs to > match. We're talking about MD5 hashes here, not CRC error detection codes. You're saying that people have broken MD5. If this were true, I would have heard about it by now!
> This is much more work and would require that the hacker have more > skills than the regular script kiddy. AFAIK, this requires a computationally-infeasible amount of work. Besides, if you pad a file, then the length is wrong. You can check that too. (Of course, you could just change bytes mid-file, but that is probably even harder, i.e. still impossible without all the worlds computers and a lot of time.) -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, to cut and hack my day so wretchedly into small pieces!" -- Plautus, 200 BCE
