Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

That is how I understand it yes. I can create a new FW and sign it with the vendors key I cracked and it will be trusted to come from the vendor. But generating a malicious FW that has the same signature is still a hash collision problem.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: