That is incredibly interesting stuff, many thanks for that link! So the
position seems to be that it may not be feasible to reverse MD5, but it
is now feasible to create forged documents / binaries / whatever that
result in exactly the same MD5 hash as the original.
I actually tried it out for myself... and indeed the two different
documents produced the exact same MD5 sum.
Now I'm wondering... does this mean that I now need to download PHP
binaries from multiple "trusted" sources, do the checksums on each
separate download, *and* do a diff for each binary? That way a cracker
has to infiltrate multiple servers in order for me to be affected by a
cracked PHP binary?
Very interesting indeed...
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
