On Wed, 18 Aug 2004, Mike Tancsa wrote: > If someone can pad an archive to come > up with the same MD5 hash, this would challenge the security of the FreeBSD > ports system no ? You are correct. However, that is not what the paper is demonstrating. It's showing how to find two separate strings that you can tack on the end of a arbitrary file (the strings are parameterised by file contents) and the resulting MD5 hashes of both new files will be the same. They will not be the same as that of the original file. -- jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/ Tel +44(0)117 9287088 Fax +44 (0)117 9287112 http://ioctl.org/jan/ That which does not kill us goes straight to our thighs. _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"