From: Norberto Meijome
To: Colin Percival
Cc: freebsd-security@freebsd.org
Date: Tue, 4 Dec 2007 23:11:45 +1100
Subject: Re: MD5 Collisions...
Message-ID: <20071204231145.0c4be9b7@meijome.net>
In-Reply-To: <4754D6C2.3030005@freebsd.org>
References: <20071203154412.461d0faf@meijome.net> <4754D6C2.3030005@freebsd.org>

On Mon, 03 Dec 2007 20:25:38 -0800
Colin Percival wrote:

> Norberto Meijome wrote:
> > should some kind of advisory be sent to advise people not to rely solely on MD5 checksums? Maybe an update to the man page is due?:
> >
> > "
> > MD5 has not yet (2001-09-03) been broken, but sufficient attacks have
> > been made that its security is in some doubt. The attacks on MD5 are in
> > the nature of finding ``collisions'' -- that is, multiple inputs which
> > hash to the same value; it is still unlikely for an attacker to be able
> > to determine the exact original input given a hash value.
> > "
>
> I fail to see how the man page is incorrect here. What do you think it should
> be saying instead?

hi Colin,
yeah.. the more I read it I see that it isn't wrong... maybe it's something to do with "not yet (2001....)" ... seems rather dated. (the advisory idea was a bad one, I agree, oopsie :) )

I understand that the final nail in MD5's coffin hasn't been found yet (i.e., we cannot "determine the exact original input given a hash value"), but the fact that certain magic bytes can be found (rather quickly) so that any 2 given binaries end up as collisions seems, from my unlearned POV, more serious or sinister than what the text above implies.

We put some strong kind of protection when vulnerabilities are found, in the form of portaudit and failing to build ports that have issues - some stronger words of warning (I am not sure what, precisely, but maybe pointing to a URL on freebsd.org with up-to-date info on this?) could, possibly, be warranted.

Of course, it is only my point of view :)

thanks for your time,
B
_________________________
{Beto|Norberto|Numard} Meijome

It is better to remain silent and be thought a fool, than to speak, and remove all doubt.

I speak for myself, not my employer. Contents may be hot. Slippery when wet. Reading disclaimers makes you go blind. Writing them is worse. You have been Warned.