Bug#741707: md5 is insecure, even for obnam

2014-03-16 Thread Joey Hess
Lars Wirzenius wrote:
> I agree that this attack would work. It's not exactly likely (MD5
> collisions are still not trivial, in my understanding, to generate),
> but it's clear Obnam needs to switch.

md5sum collisions can be downloaded from Wikipedia. So..

joey@darkstar:~>md5sum a b
79054025255f

Bug#741707: md5 is insecure, even for obnam

2014-03-16 Thread Lars Wirzenius
On Sat, Mar 15, 2014 at 07:17:02PM -0400, Joey Hess wrote:
> Here's a feasible attack on obnam due to its use of md5.

I agree that this attack would work. It's not exactly likely (MD5 collisions are still not trivial, in my understanding, to generate), but it's clear Obnam needs to switch. If I c

Bug#741707: md5 is insecure, even for obnam

2014-03-15 Thread Joey Hess
Package: obnam
Version: 1.6.1-1
Severity: important
Tags: security

Here's a feasible attack on obnam due to its use of md5.

1. Generate a binary that is modified to contain a md5 colliding section. (Trivial.)
2. Find ways to upload files to lots of Debian systems that I want to attack