On Tue, 15 Sep 2015 11:54:30 -0700, Jake Mertel said: > Indeed -- While there are methods that can be used to "pack" a file so that > it collides with a desirable checksum, that would be nearly impossible to > do in this scenario.
Small clarification here. There are known methods to easily produce two files that have the same MD5 hash, but you have no control over the checksum. There are not (to my knowledge) ways to tweak a file to produce a specified MD5 hash. MD5 is broken, but not *that* broken (yet). Feel free to point me at papers if it's been done. There are ways to easily produce a file with a specified non-crypto-strength hash like a CRC-32. So it really matters to be clear on what algorithm is used for the checksum/hash.
pgp84lmVOvk4V.pgp
Description: PGP signature
