> From: Stefan Bodewig [mailto:[EMAIL PROTECTED] > > On Wed, 16 Feb 2005, Dominique Devienne <[EMAIL PROTECTED]> wrote: > > > You mean that the MD5 and SHA-1 digests computed by the JDK-provided > > libraries didn't generate the canonical values of these digests? > > No, broken as in "sucessfully attacked". > > It is possible to create a file that matches the checksum you've > created, but is different from the original without using a > brute-force algorithm. > > The way to attack MD5 turns out to be rather easy while the way to do > it for SHA-1 still involves using a lot of CPU cycles.
But can the forged file with identical MD5 masquerade as the original file, i.e. still be a Zip file, or tar'd gzipped or bzipped file? Sure, what you describe sounds bad, but I'm trying to figure out (without too much research of my own ;-) if it's a real problem in practice. --DD --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
