Reply to post: Re: md5?

Linux Mint hacked: Malware-infected ISOs linked from official site

Charles 9 Silver badge

Re: md5?

Because although it's relatively easy to locate collisions with MD5, it's still tricky to perform a preimage attack against an MD5 hash (Given X', find Y such that H(Y)=X'), particularly a second-preimage attack (Given X, find Y such that H(Y) = H(X)) which is what you'd need to pass malware off on an ISO while still having the same hash. Anyway, many repos also offer SHA1 hashes as a secondary method, and it would be a computationally astronomical feat to be able to successfully second-preimage attack an ISO that has BOTH an MD5 AND an SHA1 hash.
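The dual-hash check described in the comment above, as an added example that is not part of the original post: it reads an image once, computes MD5 and SHA1 together, and accepts the file only if every published digest matches. The function names and the sample image bytes are constructed for illustration.

```python
import hashlib
import hmac
import io


def digests(stream, algorithms=("md5", "sha1"), chunk_size=1 << 20):
    """Read the stream once and return {algorithm: hex digest}."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for hasher in hashers.values():
            hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def verify(stream, published):
    """Return (ok, mismatches); ok is True only if ALL published digests match."""
    actual = digests(stream, tuple(published))
    mismatches = [
        name
        for name, expected in published.items()
        # Normalise the published value, then compare in constant time.
        if not hmac.compare_digest(actual[name], expected.strip().lower())
    ]
    return (not mismatches, mismatches)


# Constructed sample data standing in for an ISO and its published digests.
GOOD_IMAGE = b"constructed sample image contents\n" * 1000
TAMPERED_IMAGE = GOOD_IMAGE + b"extra payload"
PUBLISHED = digests(io.BytesIO(GOOD_IMAGE))

if __name__ == "__main__":
    print(verify(io.BytesIO(GOOD_IMAGE), PUBLISHED))
    print(verify(io.BytesIO(TAMPERED_IMAGE), PUBLISHED))
```

The result is only as trustworthy as the place the published digests were obtained from.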
