Gunnar Wolf <gw...@gwolf.org> wrote:
> leorolla dijo [Thu, Apr 01, 2010 at 06:23:59AM -0700]:
>> For security reasons it could perform a checksum verification to
>> protect the user from a corrupt or virus-infected backup file.
>> 
>> So the simple changes in the source would be:
>> * remove the problematic file from the source code
>> * change the source code to
>> -look for a 446-byte file with a specific filename
>> -if absent, produce error message explaining what the user is supposed
>> to do and exit
>> -perform the checksum verification
>> -if fails, produce appropriate error message and exit
>> -copy the file to the mbr
>> 
>> (Would it also be a copyright violation to distribute checksums along with
>> the program? In this case, add "look for the presence of a checksum
>> file with a given name etc; if absent, produce an error message
>> telling the user to copy it from a trusted source etc and exit".)
> 
> Humm... and given the search space is just giant (and not
> mind-bogglingly huge), you could even add a loop that generates a random
> 446-byte-long content until it matches the md5sum and the sha1sum for
> said file?

The math does not work.  The search space is still too unfeasibly
large.  There are 2^(8*448) different combinations.  You will find a
collision in md5sum first, though the sun would have burned out long
before the loop completed.

Cheers,
Walter Landry
wal...@geodynamics.org
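
The verification steps proposed in the quoted message (find the 446-byte file, check it, then copy it to the MBR), as an added example that is not part of the original thread or of any program discussed in it. The function name, the file names and the use of SHA-256 in place of the md5sum/sha1sum mentioned above are assumptions; the expected digest is taken to come from a source the user trusts.

```python
import hashlib
import hmac
import os
import tempfile

BOOT_CODE_LEN = 446  # boot code area at the start of a 512-byte MBR sector
SECTOR_LEN = 512

class BootCodeError(Exception):
    """The user-supplied boot code file must not be installed."""

def install_boot_code(code_path, expected_sha256, target_path):
    """Check size and digest of code_path, then write it over bytes 0..445 of target_path."""
    if not os.path.isfile(code_path):
        raise BootCodeError(f"{code_path} is missing; copy it from a trusted source")
    with open(code_path, "rb") as f:
        code = f.read(BOOT_CODE_LEN + 1)  # one extra byte exposes an oversized file
    if len(code) != BOOT_CODE_LEN:
        raise BootCodeError(f"{code_path} is not exactly {BOOT_CODE_LEN} bytes")
    digest = hashlib.sha256(code).hexdigest()
    if not hmac.compare_digest(digest, expected_sha256.strip().lower()):
        raise BootCodeError("checksum mismatch; file is corrupt or was modified")
    with open(target_path, "r+b") as disk:
        if len(disk.read(SECTOR_LEN)) != SECTOR_LEN:
            raise BootCodeError("target is shorter than one sector")
        disk.seek(0)
        disk.write(code)  # bytes 446..511 (partition table, 0x55AA) stay untouched
    return digest

def demo():
    """Run against constructed files: a fake boot code blob and a fake disk image."""
    with tempfile.TemporaryDirectory() as tmp:
        code_path = os.path.join(tmp, "bootcode.bin")
        image_path = os.path.join(tmp, "disk.img")
        code = bytes(i % 251 for i in range(BOOT_CODE_LEN))  # constructed content
        tail = b"\x11" * 64 + b"\x55\xaa"  # constructed partition table + signature
        with open(code_path, "wb") as f:
            f.write(code)
        with open(image_path, "wb") as f:
            f.write(bytes(BOOT_CODE_LEN) + tail)
        install_boot_code(code_path, hashlib.sha256(code).hexdigest(), image_path)
        with open(image_path, "rb") as f:
            written = f.read()
        try:
            install_boot_code(code_path, "0" * 64, image_path)
            rejected = False
        except BootCodeError:
            rejected = True
        return written[:BOOT_CODE_LEN] == code, written[BOOT_CODE_LEN:] == tail, rejected
```

The digest check catches corruption in any case; it only guards against a deliberately modified file when the expected value was obtained separately from the file itself.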

