Vulnerability Development mailing list archives
Hashes,File protection,etc
From: Dave Aitel <dave () immunitysec com>
Date: 14 Oct 2002 14:59:14 -0400
On Mon, 2002-10-14 at 14:40, Dan Kaminsky wrote:
For remotely computed data / hashes, you can't -- thus the folly of trusting MD5 hashes on critical files downloaded off of untrusted servers. If somebody can modify the tarball, they can probably modify the hash too.
Well, not always, if there is a semi-trusted third party or two - see http://www.immunitysec.com/hashdb.html for one implementation of this sort of thing. -- Dave Aitel <dave () immunitysec com> Immunity, Inc
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- CROSS SITE-SCRIPTING Protection with PHP Astalavista Baby (Oct 10)
- Re: CROSS SITE-SCRIPTING Protection with PHP Valdis . Kletnieks (Oct 10)
- Re: CROSS SITE-SCRIPTING Protection with PHP Marvin Simkin (Oct 11)
- Re: CROSS SITE-SCRIPTING Protection with PHP Sverre H. Huseby (Oct 12)
- RE: CROSS SITE-SCRIPTING Protection with PHP Rob Shein (Oct 14)
- Re: CROSS SITE-SCRIPTING Protection with PHP Sverre H. Huseby (Oct 14)
- Re: CROSS SITE-SCRIPTING Protection with PHP Sverre H. Huseby (Oct 14)
- Re: CROSS SITE-SCRIPTING Protection with PHP Valdis . Kletnieks (Oct 14)
- Re: CROSS SITE-SCRIPTING Protection with PHP Dan Kaminsky (Oct 14)
- Hashes,File protection,etc Dave Aitel (Oct 14)
- Re: Hashes,File protection,etc Dan Kaminsky (Oct 14)
- Re: Hashes,File protection,etc Dave Aitel (Oct 14)
- /instmsg/alias/annoying_web_logs ;) H D Moore (Oct 15)
- Re: /instmsg/alias/annoying_web_logs ;) zeno (Oct 15)
- Re: /instmsg/alias/annoying_web_logs ;) Dave Aitel (Oct 15)
- Re: /instmsg/alias/annoying_web_logs ;) zeno (Oct 15)
- RE: /instmsg/alias/annoying_web_logs ;) Elan Hasson (Oct 15)
- RE: /instmsg/alias/annoying_web_logs ;) Dave Aitel (Oct 16)
- Re: /instmsg/alias/annoying_web_logs ;) zeno (Oct 16)
- Re: CROSS SITE-SCRIPTING Protection with PHP Marvin Simkin (Oct 11)
- Re: CROSS SITE-SCRIPTING Protection with PHP Valdis . Kletnieks (Oct 10)
- Re: /instmsg/alias/annoying_web_logs ;) Chip McClure (Oct 15)