First major public exploitation of a compare-by-hash based system

In December, a team of hackers took the time to implement a full exploit of SSL certificates signed with a broken hash function (MD5). The paper is entitled MD5 Considered Harmful Today (a charming reference to the classic MD5 Considered Harmful Someday. This piece of news has been in my “to-blog” queue for the betterContinue reading “First major public exploitation of a compare-by-hash based system”

HOWTO debug silent data corruption

Back when I worked at Sun, I used to listen starry-eyed at the knees of senior engineers while they told their tales of debugging silent data corruption. They were really good stories – hardware with obscure manufacturing defects that didn’t show up until really optimized code ran on the chip, rogue SCSI drivers overwriting blocksContinue reading “HOWTO debug silent data corruption”

The code monkey’s guide to cryptographic hashes for content-based addressing

At long last, I’ve written and published the “compare-by-hash for programmers” article everyone’s always been asking for. You can read it chopped into 17 pieces and partially obscured by floating ads here: http://www.linuxworld.com/news/2007/111207-hash.html (My editor says: Please please complain about this! No one believes me when I say this is bad!) Or you can readContinue reading “The code monkey’s guide to cryptographic hashes for content-based addressing”