Thomas Schapitz wrote:
Kev Jackson wrote:
I don't think that this is the major problem. It's very very very
unlikely that anyone would want to tamper with Ant (why bother, a user
can always get the source and build themselves?). The problem is that
when using Ant to build new code (and to ge
Kev Jackson wrote:
I don't think that this is the major problem. It's very very very
unlikely that anyone would want to tamper with Ant (why bother, a user
can always get the source and build themselves?). The problem is that
when using Ant to build new code (and to generate a checksum for t
On Wed, 16 Feb 2005, Dominique Devienne <[EMAIL PROTECTED]> wrote:
> But can the forged file with identical MD5 masquerade as the
> original file, i.e. still be a Zip file, or tar'd gzipped or bzipped
> file?
Yes. At least for ZIP it would be easy. Just add data as much as you
need to external
But can the forged file with identical MD5 masquerade as the original
file, i.e. still be a Zip file, or tar'd gzipped or bzipped file?
Sure, what you describe sounds bad, but I'm trying to figure out
(without too much research of my own ;-) if it's a real problem in
practice. --DD
In practice the
Dominique Devienne wrote:
From: Stefan Bodewig [mailto:[EMAIL PROTECTED]
On Wed, 16 Feb 2005, Dominique Devienne <[EMAIL PROTECTED]> wrote:
You mean that the MD5 and SHA-1 digests computed by the JDK-provided
libraries didn't generate the canonical values of these digests?
No, broken as
> From: Stefan Bodewig [mailto:[EMAIL PROTECTED]
>
> On Wed, 16 Feb 2005, Dominique Devienne <[EMAIL PROTECTED]> wrote:
>
> > You mean that the MD5 and SHA-1 digests computed by the JDK-provided
> > libraries didn't generate the canonical values of these digests?
>
> No, broken as in "successfull
On Wed, 16 Feb 2005, Dominique Devienne <[EMAIL PROTECTED]> wrote:
> You mean that the MD5 and SHA-1 digests computed by the JDK-provided
> libraries didn't generate the canonical values of these digests?
No, broken as in "successfully attacked".
It is possible to create a file that matches the
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Modified: docs/manual/CoreTasks checksum.html
> Log: choose your digest wisely
>
> +Note that many popular message digest functions - including MD5
and
> +SHA-1 - have been broken recently.
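Review bot: "have been broken recently" in the added note does not say in what sense the digests are broken, so a reader of the manual can take it to mean that the implementations return wrong values. Suggest wording it as the functions having been successfully attacked, and replacing "recently" with something that will not go stale in a manual page. The note also gives the reader nothing to act on: a sentence on what the checksum task's output should and should not be relied on for would make "choose your digest wisely" usable.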
You mean that the MD5 and SHA-1 digests c