Sunday, December 02, 2007

Vulnerability of software integrity and code signing applications to chosen-prefix collisions for MD5

Some of us rely on code signatures. I know I do. I check them religiously on files I download, keep them in secure places and run them every time I open one of those executable files for installation.

It has been known for some time that MD5 checksums might be vulnerable, but according to the paper linked to above it is toast. I'm worried.


No comments:

Post a Comment

All comments are moderated.

Note: Only a member of this blog may post a comment.