[PLUG] RedHat 7.3 MD5 Sums

Russ Johnson russj at dimstar.net
Mon Aug 5 17:00:57 UTC 2002


Wouldn't that type of thing sort of defeat the purpose of a checksum?

If it's really that easy to spoof a checksum, what's to stop anyone from 
doing that, and why do we trust checksums?

Why didn't the guy that trojaned the openssh source do this to avoid 
detection if it's really that easy?

At 09:19 PM 8/4/2002 +0000, you wrote:
>Or couldn't they have used a hex editor to make the durn thing have the same
>MD5....

Russ Johnson
http://www.dimstar.net


You can measure a programmer's perspective by noting his attitude on
the continuing viability of FORTRAN.
                 -- Alan Perlis






More information about the PLUG mailing list