Reply to post: Re: md5?

Linux Mint hacked: Malware-infected ISOs linked from official site

FelixReg

Re: md5?

Something that's often forgotten is you don't have to create a file with a perfectly matching MD5 or SHA1. All you need is a file with hashes that match at the beginning and end, and for enough of the other hex digits to *look* ok.

Though semi-matching *two* independent hashes would be a neat trick for the bad guy to pull. I'd worry that MD5 and SHA1 are not particularly independent, though. They are algorithmically close.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2020