AFAIK (from a person who heard their technique) it is easy to tweak an ISO.
C code might be a bit harder, but it looks a bit technical in nature to solve the problem as well. On Tue, 17 Aug 2004, Eli Billauer wrote: > Orr Dunkelman wrote: > > >http://eprint.iacr.org/2004/199 > >paper. > > > >The code exist The technique is quite blurry in the 4-page paper... > > > > > Blurry indeed. And I'm sure the code exists, but the question is whether > one can try it...? > > It's always sad to find out that a security measure fails, but is it > time to panic yet? For example, if MD5 is used to hash C code or > tarballs, how possible is it to create an alternative, legal C code or > tarball with the same MD5? > > As for CD ISO images: Is it possible to create, say, 600 MB of any data > I want, and then use the rest of the data space (unallocated as far as > the CD concerns) to get the MD5 to what I want? This would be a real danger. > > My point is: It's quite easy to tell everyone not to use a technique > because someone has found some problem with it, but before the mess > begins: How real is the threat? > > Eli > > -- Orr Dunkelman, [EMAIL PROTECTED] "Any human thing supposed to be complete, must for that reason infallibly be faulty" -- Herman Melville, Moby Dick. Spammers: http://vipe.technion.ac.il/~orrd/spam.html GPG fingerprint: C2D5 C6D6 9A24 9A95 C5B3 2023 6CAB 4A7C B73F D0AA (This key will never sign Emails, only other PGP keys.) -------------------------------------------------------------------------- Haifa Linux Club Mailing List (http://www.haifux.org) To unsub send an empty message to [EMAIL PROTECTED]
