Next message: Dave Aitel: "Re: Hashes,File protection,etc"
- Previous message: Valdis.Kletnieksat_private: "Re: CROSS SITE-SCRIPTING Protection with PHP"
- In reply to: Dan Kaminsky: "Re: CROSS SITE-SCRIPTING Protection with PHP"
- Next in thread: Dan Kaminsky: "Re: Hashes,File protection,etc"
- Next in thread: Dave Aitel: "Re: Hashes,File protection,etc"
- Next in thread: Sverre H. Huseby: "Re: CROSS SITE-SCRIPTING Protection with PHP"
- Reply: Dan Kaminsky: "Re: Hashes,File protection,etc"
- Reply: Tony: "Re: Hashes,File protection,etc"
- Reply: Michael Wojcik: "RE: Hashes,File protection,etc"
On Mon, 2002-10-14 at 14:40, Dan Kaminsky wrote:
> >
> >
> For remotely computed data / hashes, you can't -- thus the folly of
> trusting MD5 hashes on critical files downloaded off of untrusted
> servers. If somebody can modify the tarball, they can probably modify
> the hash too.
Well, not always, if there is a semi-trusted third party or two - see
http://www.immunitysec.com/hashdb.html for one implementation of this
sort of thing.
--
Dave Aitel <daveat_private>
Immunity, Inc
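
An added illustration of the point in this exchange, not code from either poster or from the hashdb page linked above: a digest published by the host that served the file is ignored, and the download is accepted only when a quorum of independent sources agree with the locally computed digest. The hostnames, the quorum of 2, the use of SHA-256 and all function names are assumptions made for the example; the sample bytes are constructed.

```python
import hashlib
from urllib.parse import urlsplit

def file_digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def verify_download(data, download_url, attestations, quorum=2):
    """attestations: (source_url, hex_digest) pairs gathered by the client.
    Returns (ok, agreeing_hosts, conflicting_hosts)."""
    origin = urlsplit(download_url).hostname
    actual = file_digest(data)
    agreeing, conflicting = set(), set()
    for source_url, claimed in attestations:
        host = urlsplit(source_url).hostname
        if host is None or host == origin:
            # Same server as the file: whoever replaced the tarball could
            # replace this digest too, so it carries no independent weight.
            continue
        if claimed.strip().lower() == actual:
            agreeing.add(host)      # a set, so one host never counts twice
        else:
            conflicting.add(host)
    ok = len(agreeing) >= quorum and not conflicting
    return ok, sorted(agreeing), sorted(conflicting)

# Constructed sample inputs (hypothetical hosts and file contents).
GOOD = b"constructed tarball bytes v1.0\n"
TAMPERED = b"constructed tarball bytes v1.0 + backdoor\n"
URL = "https://downloads.example.org/tool-1.0.tar.gz"

def sample_attestations(origin_digest):
    good = file_digest(GOOD)
    return [
        (URL + ".sha256", origin_digest),                # published beside the file
        ("https://hashes.example.net/tool-1.0", good),   # independent source 1
        ("https://mirror.example.com/digests/tool-1.0", good),  # independent source 2
    ]

if __name__ == "__main__":
    # Clean download: both independent sources agree.
    print(verify_download(GOOD, URL, sample_attestations(file_digest(GOOD))))
    # File and its neighbouring hash both replaced: the origin "matches",
    # but the independent sources expose the change.
    print(verify_download(TAMPERED, URL, sample_attestations(file_digest(TAMPERED))))
    # Only the origin's own hash is available: a match proves nothing.
    print(verify_download(GOOD, URL, [(URL + ".sha256", file_digest(GOOD))]))
```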
This archive was generated by hypermail 2b30: Mon Oct 14 2002 - 12:34:21 PDT