2007-12-01 10:07:16
By Tim Brown
LOL, just a day after I release gpgutils to the world, some dutch folk release details of how they were able to subvert MD5 and produce two Windows executables with different functionality but the same hash. The amusing thing is that previously I'd been supplying signed MD5 hashes for my tools, but the release of gpgutils coincided with my decision to move to supplying MD5 and SHA1 hashes and indeed gpgutils includes such functionality - just in the nick of time it seems. All this does however lead me wondering what the liklihood is of collisions against both algorithms occuring simultaneously. One for the mathmaticians and cryptographers me thinks.
Mood: Impressed
Music: Nothing playing right now
You are unknown, comment