[Enigmail] Solved: PGP indicates enigmail signed messages are invalid
Faramir
faramir.cl at gmail.com
Mon Apr 13 11:21:23 PDT 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Robert J. Hansen escribió:
>> Well, some time ago, it was something that was not possible to do even
>> in an unreasonable amount of computing time, now it is possible (with
>> MD5) with an unreasonable amount of computing time...
>
> MD5 collisions can be generated in realtime; we know this to be true and
> have known it to be true for more than a decade.
>
> Currently, MD5 collisions require a few minutes to generate, using some
> fairly high end equipment. That said, neither the time nor expense is
> "unreasonable."
Sorry, I tried to refer to the forged 509 certificate which had a
signature made using MD5. That required more than 1 month IIRC, and a
cluster of PSP, which is something very few people can do... so for
"normal" people, it would be "unreasonable but feasible". I should have
been more clear about that.
Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQEcBAEBCAAGBQJJ44KjAAoJEMV4f6PvczxAelcH/1y0E23SGkNXKVj65bdJ+4bR
SdJKrAZP/htkQLWUICA9Ot0oieqP3Fmc9Y+eZkAkTly4ICmQ7XOAmUPIxiDkAhtJ
p0Kuw75L9utQng/a1FMLJYUDl1PvafHOKNKogiZR6JQ4yLVrAZRraamsARNecJJY
GyGxWdS+gYPf+c8oK+bhkcfm3fkvfPSgZo++wwrs2G0s/g0c7eDaxezg/xLLtAxs
iqOJEcbapbF381pSj24HXgbxqe9jL6LkWLKFIECW8nTnLyd0VbSd1ZS2QNMDIMlc
+dBQJCIpVvh7+wOGibFRYcDzaXuE76uM5RaPhz/XfOs3uUD0RLGHCoYM9ByTztg=
=rT8o
-----END PGP SIGNATURE-----
More information about the Enigmail
mailing list