Re: Gentoo Linux insecurities...
From: Tom St Denis (tomstdenis_at_iahu.ca)
Date: 09/29/04
- Next message: Michael Amling: "Re: Listening to Crypto"
- Previous message: Michael Amling: "Re: permutation mappings"
- In reply to: Ryan Barnard: "Re: Gentoo Linux insecurities..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 28 Sep 2004 22:38:26 -0400
Ryan Barnard wrote:
> Tom, I posted your question in the Gentoo forums....located here:
> http://forums.gentoo.org/viewtopic.php?t=229875
>
> It looks like there is nothing to worry about...how easy would it be
> to get two different tarballs of the same size that hash to the same
> MD5?
>
> I agree that this is a concern, but it sounds like it's not an
> immediate problem, and the Gentoo developers have a different system
> in the works.
Dan has proven the attack works. He's giving a talk on the idea
sometime in the near future.
Generally the attack would be obvious by looking at the "header" shell
script that decodes the payload.
My point is that it's relatively possible [for instance, Unreal2k3 has
that sort of installer...].
Tom
- Next message: Michael Amling: "Re: Listening to Crypto"
- Previous message: Michael Amling: "Re: permutation mappings"
- In reply to: Ryan Barnard: "Re: Gentoo Linux insecurities..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
