From owner-freebsd-security@FreeBSD.ORG Tue Dec 4 14:20:10 2007
Return-Path:
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A6ABE16A418 for ; Tue, 4 Dec 2007 14:20:10 +0000 (UTC) (envelope-from piechota@argolis.org)
Received: from vms046pub.verizon.net (vms046pub.verizon.net [206.46.252.46]) by mx1.freebsd.org (Postfix) with ESMTP id BDB7213C455 for ; Tue, 4 Dec 2007 14:20:05 +0000 (UTC) (envelope-from piechota@argolis.org)
Received: from [192.168.1.2] ([71.162.149.215]) by vms046.mailsrvcs.net (Sun Java System Messaging Server 6.2-6.01 (built Apr 3 2006)) with ESMTPA id <0JSJ00K0K3SQ5QH6@vms046.mailsrvcs.net> for freebsd-security@freebsd.org; Tue, 04 Dec 2007 08:19:39 -0600 (CST)
Date: Tue, 04 Dec 2007 09:19:58 -0500
From: Matt Piechota
In-reply-to: <20071204231145.0c4be9b7@meijome.net>
To: Norberto Meijome
Message-id: <4755620E.6010002@argolis.org>
MIME-version: 1.0
Content-type: text/plain; charset=ISO-8859-1; format=flowed
Content-transfer-encoding: 7bit
References: <20071203154412.461d0faf@meijome.net> <4754D6C2.3030005@freebsd.org> <20071204231145.0c4be9b7@meijome.net>
User-Agent: Thunderbird 2.0.0.9 (Windows/20071031)
Cc: freebsd-security@freebsd.org
Subject: Re: MD5 Collisions...
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Tue, 04 Dec 2007 14:20:10 -0000

Norberto Meijome wrote:
> I understand that the final nail in MD5's coffin hasn't been found
> yet (ie, we cannot "determine the exact original input given a
> hash value"), but the fact that certain magic bytes can be found
> (rather quickly) so that any 2 given binaries end up as collisions
> seems, from my unlearned POV, more serious or sinister than what
> the text above implies.
I think the big mitigating factor is that you can't easily generate a message that has the same length as the original as well as the same hash. I believe when this came up a while back, the ports collection (for example) was deemed safe since the scripts checked the file length and MD5 hash, but even so they've started using both MD5 and SHA256 hashes since the odds of a collision using both on the same message are essentially nil.
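As an added example (not code from this thread or from the ports tree), here is a Python verifier modelling the check Matt's reply describes: a distfile is accepted only if its size, MD5 and SHA256 all match the published record, and any single mismatch is enough to reject it. The record format is modelled loosely on ports distinfo lines (`MD5 (file) = ...`, `SHA256 (file) = ...`, `SIZE (file) = ...`); the exact layout, the file name and the sample bytes are assumptions constructed for this example, and the "good" record is generated from the sample bytes the way a maintainer would generate it.

```python
import hashlib
import re

# Assumed record layout, modelled loosely on ports distinfo lines:
#   MD5 (name) = hex      SHA256 (name) = hex      SIZE (name) = decimal
DISTINFO_LINE = re.compile(r"^(MD5|SHA256|SIZE) \((?P<name>[^)]+)\) = (?P<value>\S+)$")

# Every one of these must be present in the record and must match the file.
REQUIRED_CHECKS = ("SIZE", "MD5", "SHA256")


def parse_distinfo(text):
    """Parse 'ALG (filename) = value' lines into {filename: {ALG: value}}."""
    records = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = DISTINFO_LINE.match(line)
        if m is None:
            raise ValueError(f"unparseable distinfo line: {line!r}")
        records.setdefault(m.group("name"), {})[m.group(1)] = m.group("value")
    return records


def make_distinfo(name, data):
    """Produce the record a maintainer would publish for `data`."""
    return "\n".join([
        f"MD5 ({name}) = {hashlib.md5(data).hexdigest()}",
        f"SHA256 ({name}) = {hashlib.sha256(data).hexdigest()}",
        f"SIZE ({name}) = {len(data)}",
    ]) + "\n"


def check_distfile(name, data, distinfo_text):
    """Return the list of failed checks; an empty list means the file is accepted.

    All three checks are evaluated independently so the caller can see
    whether only the hashes differ (same-length tampering) or the size too.
    """
    expected = parse_distinfo(distinfo_text).get(name)
    if expected is None:
        return ["no distinfo record for file"]
    actual = {
        "MD5": hashlib.md5(data).hexdigest(),
        "SHA256": hashlib.sha256(data).hexdigest(),
        "SIZE": str(len(data)),
    }
    failures = []
    for alg in REQUIRED_CHECKS:
        if alg not in expected:
            failures.append(f"{alg} missing from distinfo")
        elif expected[alg] != actual[alg]:
            failures.append(f"{alg} mismatch")
    return failures


# Constructed sample input: not a real archive, just bytes to hash.
SAMPLE_NAME = "example-1.0.tar.gz"
SAMPLE_DATA = b"constructed sample tarball contents, not a real archive\n"
SAMPLE_DISTINFO = make_distinfo(SAMPLE_NAME, SAMPLE_DATA)

# Same-length modification: one byte changed, so SIZE alone would not notice.
TAMPERED_SAME_LENGTH = SAMPLE_DATA[:-2] + b"X\n"
# Truncated copy: size and both hashes differ.
TRUNCATED = SAMPLE_DATA[:-1]


if __name__ == "__main__":
    for label, data in [("original", SAMPLE_DATA),
                        ("same-length tamper", TAMPERED_SAME_LENGTH),
                        ("truncated", TRUNCATED)]:
        failures = check_distfile(SAMPLE_NAME, data, SAMPLE_DISTINFO)
        print(f"{label}: {'accepted' if not failures else ', '.join(failures)}")
```

A record missing any of the three lines is treated as a failure rather than skipped, so an attacker who could edit the record cannot downgrade the check by deleting the SHA256 line; the same logic applies whatever additional digest a project chooses to add.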