MD5"Message Digest 5" is an often used cryptographic check sum. I has been found vulnerable: http://developers.slashdot.org/article.pl?sid=04/12/07/2019244 and is effectively dead since it has been possible to create two meaningful documents of entirely different content, which produce an identical md5 has value. It's possible to actually exploit (german) that vulnerability: http://www.win.tue.nl/~bdeweger/CollidingCertificates/ http://it.slashdot.org/article.pl?sid=05/11/15/2037232 collision soure code http://www.stachliu.com.nyud.net:8090/collisions.html made it possible to create arbitrary X.509 (SSL) certificates see Heise (german). Vulnerability of software integrity and code signing applications to chosen-prefix collisions for MD5 'For abusing a chosen-prefix collision on a software integrity protection or a code signing scheme, the attacker should be able to manipulate the files before they are being hashed and/or signed. This may mean that the attacker needs insider access to the party operating the trusted software integrity protection or code signing process.' - Which is clearly not the case in Askemos implementations.
|
||||||||||||
rss
pdf :: context view
- 18 Nov 2008StorageAdaptor
- 18 Nov 2008PStoreStorageAdapt
- 18 Nov 2008OperationTips
- 15 Nov 2008PCRE
- 04 Nov 2008ProgrammingLanguag
- 01 Okt 2008SystemRequirements
- 09 Sep 2008RelatedProjects
- 23 Jul 2008ProjectsOnThePlate
- 23 Jul 2008ModuleStructure05
- 17 Jun 2008NEWS
- 17 Jun 2008HTML
- 17 Jun 2008ACM
- 22 Mai 2008HTTP
- 22 Mai 2008BOSH
- 10 Mai 2008AskemosBibliograph
- 10 Mai 2008JerrysDreamAbstrac
- 20 Apr 2008XSLT
- 11 Mar 2008CodingStyle
- 10 Mar 2008
- 09 Mar 2008MIMEConverter
- BSD
- 07 Mar 2008XML
- 06 Mar 2008SRFI
- 01 Mar 2008RFC4810
- 01 Mar 2008RFC4998
- 01 Mar 2008KondratieffWerk
- 04 Jan 2008service-level
- 04 Jan 2008NameSpaceDSSSLinde
- 24 Jun 2004KommunikationsInfr
- BOINC