[EMAIL PROTECTED] (Ludovic Courtès) writes: >> Well, they get to choose both texts that have a MD5 collision. >> Looking at the PostScript source reveals that the texts have been >> rigged, which should be enough if this goes to court. In our case, an >> attacker would need to find a second meaningful text that collides >> with the text that we provide. I guess that is much harder to do. > > Well, since *you* are malicious, you could very well have prepared a > second tarball whose MD5 is the same and which you will propagate > during the days following the announcement. ;-)
Ahh, that never occured to me... I don't tend to think of _me_ as the bad guy.. :-) -- GPG: D5D4E405 - 2F9B BCCC 8527 692A 04E3 331E FAF8 226A D5D4 E405 _______________________________________________ Guile-devel mailing list Guile-devel@gnu.org http://lists.gnu.org/mailman/listinfo/guile-devel
