Re: Hashes,File protection,etc

From: Tony (missingat_private)
Date: Mon Oct 14 2002 - 14:04:37 PDT

Next message: b0iler _: "RE: CROSS SITE-SCRIPTING Protection with PHP"

Previous message: Dan Kaminsky: "Re: Hashes,File protection,etc"
In reply to: Dave Aitel: "Hashes,File protection,etc"
Next in thread: Roland Postle: "Re: Hashes,File protection,etc"
Next in thread: Sverre H. Huseby: "Re: CROSS SITE-SCRIPTING Protection with PHP"
Reply: Roland Postle: "Re: Hashes,File protection,etc"
Reply: Jose Nazario: "Re: Hashes,File protection,etc"
Reply: Valdis.Kletnieksat_private: "Re: Hashes,File protection,etc"
Reply: Eric Fritzges: "Re: Hashes,File protection,etc"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Dave Aitel wrote:
> 
> On Mon, 2002-10-14 at 14:40, Dan Kaminsky wrote:
> 
> 
>>> 
>>>
>>
>>For remotely computed data / hashes, you can't -- thus the folly of 
>>trusting MD5 hashes on critical files downloaded off of untrusted 
>>servers.  If somebody can modify the tarball, they can probably modify 
>>the hash too.
> 
> 
> Well, not always, if there is a semi-trusted third party or two - see
> http://www.immunitysec.com/hashdb.html for one implementation of this
> sort of thing. 
> 

speaking of which ...
Does anyone have a reference/link to any well known md5 vulnerabilities.
I remeber reading something about them awhile back but couldn't google 
up anything. Also , are there any arguements *against* using md5? Should
persons be using sha1 instead ?


-------------------------------------------------
Tony Link                             NTS/OIT/UMD
5D70 FB9D 075D 5316 13F0 75C2 5963 9574 6F65 C094
301.405.2988             nts.umd.edu/~missing/pgp

Next message: b0iler _: "RE: CROSS SITE-SCRIPTING Protection with PHP"
Previous message: Dan Kaminsky: "Re: Hashes,File protection,etc"
In reply to: Dave Aitel: "Hashes,File protection,etc"
Next in thread: Roland Postle: "Re: Hashes,File protection,etc"
Next in thread: Sverre H. Huseby: "Re: CROSS SITE-SCRIPTING Protection with PHP"
Reply: Roland Postle: "Re: Hashes,File protection,etc"
Reply: Jose Nazario: "Re: Hashes,File protection,etc"
Reply: Valdis.Kletnieksat_private: "Re: Hashes,File protection,etc"
Reply: Eric Fritzges: "Re: Hashes,File protection,etc"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Oct 15 2002 - 06:59:24 PDT