Vulnerability Development mailing list archives
Re: Hashes,File protection,etc
From: Tony <missing () nts umd edu>
Date: Mon, 14 Oct 2002 17:04:37 -0400
Dave Aitel wrote:
On Mon, 2002-10-14 at 14:40, Dan Kaminsky wrote:For remotely computed data / hashes, you can't -- thus the folly of trusting MD5 hashes on critical files downloaded off of untrusted servers. If somebody can modify the tarball, they can probably modify the hash too.Well, not always, if there is a semi-trusted third party or two - see http://www.immunitysec.com/hashdb.html for one implementation of thissort of thing.
speaking of which ... Does anyone have a reference/link to any well known md5 vulnerabilities.I remeber reading something about them awhile back but couldn't google up anything. Also , are there any arguements *against* using md5? Should
persons be using sha1 instead ? ------------------------------------------------- Tony Link NTS/OIT/UMD 5D70 FB9D 075D 5316 13F0 75C2 5963 9574 6F65 C094 301.405.2988 nts.umd.edu/~missing/pgp
Current thread:
- Re: Hashes,File protection,etc, (continued)
- Re: Hashes,File protection,etc Dave Aitel (Oct 14)
- /instmsg/alias/annoying_web_logs ;) H D Moore (Oct 15)
- Re: /instmsg/alias/annoying_web_logs ;) zeno (Oct 15)
- Re: /instmsg/alias/annoying_web_logs ;) Dave Aitel (Oct 15)
- Re: /instmsg/alias/annoying_web_logs ;) zeno (Oct 15)
- RE: /instmsg/alias/annoying_web_logs ;) Elan Hasson (Oct 15)
- RE: /instmsg/alias/annoying_web_logs ;) Dave Aitel (Oct 16)
- Re: /instmsg/alias/annoying_web_logs ;) zeno (Oct 16)
- Re: /instmsg/alias/annoying_web_logs ;) Chip McClure (Oct 15)
- RE: /instmsg/alias/annoying_web_logs ;) Shawn K. Hall (RA/Security) (Oct 20)
- Re: Hashes,File protection,etc Tony (Oct 15)
- Re: Hashes,File protection,etc Roland Postle (Oct 15)
- Re: Hashes,File protection,etc Valdis . Kletnieks (Oct 15)
- Re: Hashes,File protection,etc Roland Postle (Oct 16)
- Re: Hashes,File protection,etc Valdis . Kletnieks (Oct 16)
- Re: Hashes,File protection,etc Bob Mathews (Oct 16)
- Re: Hashes,File protection,etc Jose Nazario (Oct 15)
- Re: Hashes,File protection,etc Valdis . Kletnieks (Oct 15)
- RE: Hashes,File protection,etc Rich Cower (Oct 15)
- Re: Hashes,File protection,etc Eric Fritzges (Oct 15)
- Re: CROSS SITE-SCRIPTING Protection with PHP Sverre H. Huseby (Oct 14)