Next message: b0iler _: "RE: CROSS SITE-SCRIPTING Protection with PHP"
- Previous message: Dan Kaminsky: "Re: Hashes,File protection,etc"
- In reply to: Dave Aitel: "Hashes,File protection,etc"
- Next in thread: Roland Postle: "Re: Hashes,File protection,etc"
- Next in thread: Sverre H. Huseby: "Re: CROSS SITE-SCRIPTING Protection with PHP"
- Reply: Roland Postle: "Re: Hashes,File protection,etc"
- Reply: Jose Nazario: "Re: Hashes,File protection,etc"
- Reply: Valdis.Kletnieksat_private: "Re: Hashes,File protection,etc"
- Reply: Eric Fritzges: "Re: Hashes,File protection,etc"
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Dave Aitel wrote:
>
> On Mon, 2002-10-14 at 14:40, Dan Kaminsky wrote:
>
>
>>>
>>>
>>
>>For remotely computed data / hashes, you can't -- thus the folly of
>>trusting MD5 hashes on critical files downloaded off of untrusted
>>servers. If somebody can modify the tarball, they can probably modify
>>the hash too.
>
>
> Well, not always, if there is a semi-trusted third party or two - see
> http://www.immunitysec.com/hashdb.html for one implementation of this
> sort of thing.
>
speaking of which ...
Does anyone have a reference/link to any well known md5 vulnerabilities.
I remeber reading something about them awhile back but couldn't google
up anything. Also , are there any arguements *against* using md5? Should
persons be using sha1 instead ?
-------------------------------------------------
Tony Link NTS/OIT/UMD
5D70 FB9D 075D 5316 13F0 75C2 5963 9574 6F65 C094
301.405.2988 nts.umd.edu/~missing/pgp
- Next message: b0iler _: "RE: CROSS SITE-SCRIPTING Protection with PHP"
- Previous message: Dan Kaminsky: "Re: Hashes,File protection,etc"
- In reply to: Dave Aitel: "Hashes,File protection,etc"
- Next in thread: Roland Postle: "Re: Hashes,File protection,etc"
- Next in thread: Sverre H. Huseby: "Re: CROSS SITE-SCRIPTING Protection with PHP"
- Reply: Roland Postle: "Re: Hashes,File protection,etc"
- Reply: Jose Nazario: "Re: Hashes,File protection,etc"
- Reply: Valdis.Kletnieksat_private: "Re: Hashes,File protection,etc"
- Reply: Eric Fritzges: "Re: Hashes,File protection,etc"
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
This archive was generated by hypermail 2b30
: Tue Oct 15 2002 - 06:59:24 PDT