Date: Tue, 4 Dec 2007 10:10:32 -0600 From: Josh Paetzel <josh@tcbug.org> To: freebsd-security@freebsd.org Subject: Re: MD5 Collisions... Message-ID: <200712041010.35935.josh@tcbug.org> In-Reply-To: <j86Qn7T6dHRcitkB0OZsEA@AdzO%2BejjH1kWAVZosFjfSQ> References: <20071203154412.461d0faf@meijome.net> <4755620E.6010002@argolis.org> <j86Qn7T6dHRcitkB0OZsEA@AdzO%2BejjH1kWAVZosFjfSQ>
next in thread | previous in thread | raw e-mail | index | archive | help
--nextPart23016190.Y3cqKExS6D Content-Type: text/plain; charset="koi8-r" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Tuesday 04 December 2007 09:40:58 am Eygene Ryabinkin wrote: > Matt, good day. > > Tue, Dec 04, 2007 at 09:19:58AM -0500, Matt Piechota wrote: > > Norberto Meijome wrote: > >> I understand that the final nail in MD5's coffin hasn't been found > >> > > > yet ( ie, we cannot "determine the exact original input given a > > > hash value") , but the fact that certain magic bytes can be found > > > (rather quickly) so that any 2 given binaries end up as collisions > > > seems , from my unlearned POV, more serious or sinister than what > > > the text above implies. > > > > I think the big mitigating factor is that you can't easily generate a > > message that has the same length as the original as well as the same > > hash. > > No, read Kaminski's paper (http://www.doxpara.com/md5_someday.pdf): > with Wong's and Joux's multicollision attack (or its extensions) > one can generate files with the same sizes and MD5 hashes. > > The usefullness of this with application to the ports collection > is questionable, since you should make two colliding archives and > both of them should be unpackable and the second should do some > evil things. But strictly speaking, there are attacks producing > files with the same size and MD5 hash. > > http://www.cits.rub.de/MD5Collisions/ is also a good reading. It's not really questionable....for all practical purposes it's worthless. = In=20 order to generate meaningful same-length collisions you need control of the= =20 original file. (Your links go to lengths to explain this...) In the case o= f=20 a ports distfile if you have control of the original file you really don't= =20 need to go to great lengths to generate collisions, you can simply toss you= r=20 malicious content in there right from the get go. =2D-=20 Thanks, Josh Paetzel PGP: 8A48 EF36 5E9F 4EDA 5A8C 11B4 26F9 01F1 27AF AECB --nextPart23016190.Y3cqKExS6D Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (FreeBSD) iD8DBQBHVXv7JvkB8SevrssRAiGyAJ9+rYo/HNXIeu0FSm3K/BZFaioiOwCfQ+jW 1hzYL9ulgu3lP/5LkKCNCtk= =hnES -----END PGP SIGNATURE----- --nextPart23016190.Y3cqKExS6D--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200712041010.35935.josh>