LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Sponsored link

Vyatta – Linux & Open Source Alternative to Cisco – Advanced Routing, Firewall, VPN, QoS..
Free Download ->

Recent Features

LK2008: The values of the Linux community

LWN.net Weekly Edition for October 9, 2008

Plugging into GCC

LWN.net Weekly Edition for October 2, 2008

Ubuntu debuts its Upstream Report

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

An attempt to backdoor the kernel

An attempt to backdoor the kernel

Posted Nov 7, 2003 11:31 UTC (Fri) by rschroev (subscriber, #4164)
In reply to: An attempt to backdoor the kernel by lm
Parent article: An attempt to backdoor the kernel

I think there is a huge difference between problems that arise as a result of conflicting hashes on one side, and not detecting corruption on the other side.

Colliding hashes is a bug in the system, in my view. The system may be "almost good enough", but never "good enough". Detection of errors introduced outside of the system is a nice feature, but it is one I can live without. Lack of the feature is not a bug. The system is effectively "good enough".

(Log in to post comments)

An attempt to backdoor the kernel

Posted Nov 20, 2003 13:30 UTC (Thu) by Wol (guest, #4433) [Link]

Colliding hashes is MATHEMATICALLY INEVITABLE.

It can't, therefore, be a bug.

Being able to generate a file that results in the hash you want, however, most definitely IS a bug, because it is a gaping security hole.

Cheers,
Wol

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds