|
|
Log in / Subscribe / Register

A possible step toward integrity measurement for Fedora

A possible step toward integrity measurement for Fedora

Posted Jan 9, 2021 12:47 UTC (Sat) by Sesse (subscriber, #53779)
In reply to: A possible step toward integrity measurement for Fedora by Wol
Parent article: A possible step toward integrity measurement for Fedora

> Sorry I haven't been following it particularly, but producing a collision is harder than just breaking the hash

Producing a collision is typically the _easiest_ attack that would be considered breaking the hash, no?

to post comments

A possible step toward integrity measurement for Fedora

Posted Jan 10, 2021 19:28 UTC (Sun) by iabervon (subscriber, #722) [Link] (1 responses)

"Breaking the hash" is most often when an attacker can produce two inputs that collide, one that will be deemed acceptable by an authority and one which is malicious. In context, "producing a collision" would be coming up with an RPM with the same hash as an RPM the attacker didn't have any influence over, which is significantly harder, but is possible now for MD5 and will probably soon be possible for SHA1.

A possible step toward integrity measurement for Fedora

Posted Jan 10, 2021 20:13 UTC (Sun) by Creideiki (subscriber, #38747) [Link]

The literature usually uses "second preimage attack" for finding a message with a given hash, and "collision attack" for finding two messages with the same hash.


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds