[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Guile 1.7.91 has been released.
|
From: |
Ludovic Courtès |
|
Subject: |
Re: Guile 1.7.91 has been released. |
|
Date: |
Tue, 14 Feb 2006 10:22:20 +0100 |
|
User-agent: |
Gnus/5.110004 (No Gnus v0.4) Emacs/21.4 (gnu/linux) |
Hi,
Marius Vollmer <address@hidden> writes:
> Well, they get to choose both texts that have a MD5 collision.
> Looking at the PostScript source reveals that the texts have been
> rigged, which should be enough if this goes to court. In our case, an
> attacker would need to find a second meaningful text that collides
> with the text that we provide. I guess that is much harder to do.
Well, since *you* are malicious, you could very well have prepared a
second tarball whose MD5 is the same and which you will propagate
during the days following the announcement. ;-)
Seriously, this kind of attack is really about the level of trust one
can have in the *emitter* of the tarball and checksum.
> And the tarball is signed with a SHA1 hash anyway. Maybe I should
> include the signature in the announcement and not a checksum...
Right.
Thanks,
Ludovic.
- Guile 1.7.91 has been released., Marius Vollmer, 2006/02/12
- Re: Guile 1.7.91 has been released., Bill Schottstaedt, 2006/02/13
- Re: Guile 1.7.91 has been released., Kevin Ryde, 2006/02/13
- Re: Guile 1.7.91 has been released., Bill Schottstaedt, 2006/02/13
- Re: Guile 1.7.91 has been released., Kevin Ryde, 2006/02/13
- Re: Guile 1.7.91 has been released., Bill Schottstaedt, 2006/02/13
- Re: Guile 1.7.91 has been released., Kevin Ryde, 2006/02/13
- Re: Guile 1.7.91 has been released., Kevin Ryde, 2006/02/13
- Re: Guile 1.7.91 has been released., Bill Schottstaedt, 2006/02/14
- Re: Guile 1.7.91 has been released., Kevin Ryde, 2006/02/14