PasswordMaker Forums
Miscellaneous => Other => Topic started by: quixin on December 01, 2007, 03:40:11 AM
-
What do you guys make of this?
We announce two different Win32 executable files with different functionality but identical MD5 hash values. This shows that trust in MD5 as a tool for verifying software integrity, and as a hash function used in code signing, has become questionable.
http://www.win.tue.nl/hashclash/SoftIntCodeSign/
-
Yeah, it was bound to happen. Any hashing tool can have this. Also, unless they were also the same size, other checks should raise a red flag (Gentoo Portage uses three (I think) hashing tools plus file size to make sure the file is right).
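
The check the reply above describes (several hashes plus the file size, all of which must match), as an added example that is not part of the original thread and not Portage's own code. The `DIST` line layout, the digest set and the sample data are assumptions constructed for illustration.

```python
import hashlib
import hmac
import io

# Manifest digest labels mapped to hashlib names (the label set is an assumption).
ALGORITHMS = {"MD5": "md5", "SHA256": "sha256", "SHA512": "sha512"}


def make_entry(name, data):
    """Build a 'DIST <name> <size> <ALG> <hex> ...' line for trusted data."""
    fields = ["DIST", name, str(len(data))]
    for label, algo in ALGORITHMS.items():
        fields += [label, hashlib.new(algo, data).hexdigest()]
    return " ".join(fields)


def verify(entry, stream, chunk_size=65536):
    """Return the names of failed checks; an empty list means the file passed."""
    parts = entry.split()
    if len(parts) < 5 or parts[0] != "DIST" or len(parts) % 2 == 0:
        raise ValueError("malformed manifest entry")
    expected_size = int(parts[2])
    expected = dict(zip(parts[3::2], parts[4::2]))
    unknown = set(expected) - set(ALGORITHMS)
    if unknown:
        raise ValueError("unsupported digest: %s" % sorted(unknown))
    hashers = {label: hashlib.new(ALGORITHMS[label]) for label in expected}
    size = 0
    # One pass over the file feeds every hash, so large downloads are read once.
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        size += len(chunk)
        for h in hashers.values():
            h.update(chunk)
    failed = [] if size == expected_size else ["SIZE"]
    for label, h in hashers.items():
        if not hmac.compare_digest(h.hexdigest(), expected[label].lower()):
            failed.append(label)
    return failed


# Constructed sample data, not a real distfile.
GOOD = b"constructed sample archive contents\n" * 100
ENTRY = make_entry("sample-1.0.tar.gz", GOOD)
```

A file is accepted only when `verify` returns an empty list, so a substitute that matches one digest still has to match the size and every other digest at the same time.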
-
For the purposes of PasswordMaker, MD5 is still viable. The likelihood of two or more master passwords colliding is unbelievably low.