ant-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Bodewig <bode...@apache.org>
Subject Re: Publishing metalinks on the download page
Date Tue, 08 Sep 2009 07:49:31 GMT
On 2009-09-04, Stefan Bodewig <bodewig@apache.org> wrote:

> On 2009-09-03, Bram Neijt <bneijt@gmail.com> wrote:

>> You are correct, a well funded bad-guy would be able to do so creating a
>> hash collision on MD5 or any other kind of verification method you can
>> muster. A really well-funded bad-guy would be better off becoming a
>> dictator, and taking control of most of the countries DNS servers.

> Maybe.  But the amount of funds required is very different.  If MD5 was
> the only checksum I'm pretty sure my notebook would be able to create a
> zip or tar with matching checksums in a few hours.

Here I am clearly wrong, sorry.

My notebook should be able to find MD5 collisions within a few minutes
<http://eprint.iacr.org/2006/105.pdf> but going from there to creating
an archive with malicious content and matching a given MD5 checksum
would be a whole lot more difficult and take way longer - still not out
of reach of a really well-funded bad-guy, though.

Note that I can append some bytes of random junk to ZIPs and TARs
without changing their contents, so this gives me some freedom to create
colliding archives, but it will still take much longer than "a few
hours".

The report I had in the back of my mind when I wrote the paragraph above
<http://www.win.tue.nl/hashclash/SoftIntCodeSign/> requires the attacker
to be able to modify the "good" archive before the checksum is created -
which in general is not the case in the way dynmirror works.

Stefan

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ant.apache.org
For additional commands, e-mail: dev-help@ant.apache.org


Mime
View raw message