Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.os.linux.security > #686
| From | Richard Kettlewell <rjk@greenend.org.uk> |
|---|---|
| Newsgroups | alt.os.linux.mint, comp.os.linux.security |
| Subject | Re: 2/20/16 Linux Mint downloads compromised |
| Date | 2016-02-21 14:06 +0000 |
| Organization | terraraq NNTP server |
| Message-ID | <871t86ma3c.fsf@mantic.terraraq.uk> (permalink) |
| References | <nnd$1d3e6689$238e4bd5@695a3fabb9aa8c3c> <naceo1$bl4$1@dont-email.me> |
Cross-posted to 2 groups.
Paul <nospam@needed.com> writes:
> http://www.ghacks.net/2016/02/21/linux-mint-hacked-iso-images-compromised/
>
> "If you run Linux, use the command md5sum nameofiso.iso, e..g
>
> md5sum linuxmint-17.3-cinnamon-64bit.iso
>
> The ISO image is clean if the signature matches
> one of those listed below..."
>
> Well, don't do that. It takes 60 seconds on a Pentium 4
> computer, to "fix" an ISO so it has the correct MD5SUM.
Go on then, produce a second well-formed ISO image that hashes to
e71a2aad8b58605e906dbea444dc4983.
Or if you’d prefer to work with a smaller first preimage:
$ cat /etc/motd
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
$ md5sum /etc/motd
9830e3dbb6a828f2cc824db8db0ceaf7 /etc/motd
Clock’s ticking!
> MD5 is compromised, and is no good for this purpose.
MD5’s collision resistance is well known to be completely broken, but
this application does not depend on collision resistance.
It’s certainly somewhat disappointing to see it still used in 2016, but
that’s no excuse for spreading FUD.
--
http://www.greenend.org.uk/rjk/
Back to comp.os.linux.security | Previous | Next — Previous in thread | Next in thread | Find similar
2/20/16 Linux Mint downloads compromised bleak_fire_ <penachew@yomomma.hot.invalid> - 2016-02-21 05:48 +0100
Re: 2/20/16 Linux Mint downloads compromised Johnny <johnny@invalid.net> - 2016-02-21 06:14 -0600
Re: 2/20/16 Linux Mint downloads compromised Yrrah <Yrrah-aolm@aolm.invalid> - 2016-02-21 14:19 +0100
Re: 2/20/16 Linux Mint downloads compromised Johnny <johnny@invalid.net> - 2016-02-21 10:22 -0600
Re: 2/20/16 Linux Mint downloads compromised Yrrah <Yrrah-aolm@aolm.invalid> - 2016-02-21 17:44 +0100
Re: 2/20/16 Linux Mint downloads compromised Caver1 <caver1@inthemud.org> - 2016-02-21 11:58 -0500
Re: 2/20/16 Linux Mint downloads compromised Paul <nospam@needed.com> - 2016-02-21 08:43 -0500
Re: 2/20/16 Linux Mint downloads compromised Richard Kettlewell <rjk@greenend.org.uk> - 2016-02-21 14:06 +0000
Re: 2/20/16 Linux Mint downloads compromised Paul <nospam@needed.com> - 2016-02-21 09:37 -0500
Re: 2/20/16 Linux Mint downloads compromised Richard Kettlewell <rjk@greenend.org.uk> - 2016-02-21 16:06 +0000
Re: 2/20/16 Linux Mint downloads compromised Yrrah <Yrrah-aolm@aolm.invalid> - 2016-02-21 17:40 +0100
csiph-web