From: Eygene Ryabinkin
To: Matt Piechota
Cc: freebsd-security@freebsd.org
Date: Tue, 4 Dec 2007 18:40:58 +0300
Subject: Re: MD5 Collisions...

Matt, good day.

Tue, Dec 04, 2007 at 09:19:58AM -0500, Matt Piechota wrote:
> Norberto Meijome wrote:
>> I understand that the final nail in MD5's coffin hasn't been found
>> yet (ie, we cannot "determine the exact original input given a
>> hash value"), but the fact that certain magic bytes can be found
>> (rather quickly) so that any 2 given binaries end up as collisions
>> seems, from my unlearned POV, more serious or sinister than what
>> the text above implies.
>
> I think the big mitigating factor is that you can't easily generate a
> message that has the same length as the original as well as the same hash.

No, read Kaminski's paper (http://www.doxpara.com/md5_someday.pdf):
with Wong's and Joux's multicollision attack (or its extensions)
one can generate files with the same sizes and MD5 hashes. The
usefulness of this with application to the ports collection is
questionable, since you should make two colliding archives and both
of them should be unpackable and the second should do some evil
things. But strictly speaking, there are attacks producing files
with the same size and MD5 hash.

http://www.cits.rub.de/MD5Collisions/ is also good reading.
--
Eygene
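
An added example, not part of the original message or of the ports tools: a distfile check that treats a matching MD5 plus matching size as insufficient and relies on SHA256, which is the defensive consequence of the same-size collisions discussed above. The `ALGO (file) = value` distinfo layout, the file name and the sample bytes are assumptions constructed for illustration.

```python
import hashlib
import re

# Assumed distinfo line layout: "ALGO (filename) = value"
LINE_RE = re.compile(r"^(MD5|SHA256|SIZE) \((.+)\) = (\S+)$")

def parse_distinfo(text):
    """Return {filename: {"MD5": hex, "SHA256": hex, "SIZE": digits}}."""
    entries = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            algo, name, value = m.groups()
            entries.setdefault(name, {})[algo] = value.lower()
    return entries

def check_distfile(name, data, entries):
    """Classify a distfile as 'ok', 'mismatch', 'weak' or 'unknown'."""
    rec = entries.get(name)
    if rec is None:
        return "unknown"
    if "SIZE" in rec and int(rec["SIZE"]) != len(data):
        return "mismatch"
    if "MD5" in rec and hashlib.md5(data).hexdigest() != rec["MD5"]:
        return "mismatch"
    if "SHA256" not in rec:
        # Equal-length MD5 collisions exist, so MD5 + SIZE alone
        # does not pin down the file contents.
        return "weak"
    if hashlib.sha256(data).hexdigest() != rec["SHA256"]:
        return "mismatch"
    return "ok"

def render_distinfo(name, md5_src, sha_src=None):
    """Build distinfo text from constructed sample bytes."""
    out = ["MD5 (%s) = %s" % (name, hashlib.md5(md5_src).hexdigest())]
    if sha_src is not None:
        out.append("SHA256 (%s) = %s" % (name, hashlib.sha256(sha_src).hexdigest()))
    out.append("SIZE (%s) = %d" % (name, len(md5_src)))
    return "\n".join(out)

if __name__ == "__main__":
    good = b"constructed distfile, original\n"   # constructed sample
    evil = b"constructed distfile, modified\n"   # same length, constructed
    # Simulate a collision from the verifier's side: MD5 and SIZE are
    # recorded from `evil`, SHA256 from `good`.
    entries = parse_distinfo(render_distinfo("foo-1.0.tar.gz", evil, good))
    print(check_distfile("foo-1.0.tar.gz", evil, entries))  # mismatch
```

The simulated entry stands in for a real collision: the second file passes both the MD5 and the size comparison and is rejected only by the SHA256 comparison.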