From: Josh Paetzel
To: freebsd-security@freebsd.org
Date: Tue, 4 Dec 2007 10:10:32 -0600
Subject: Re: MD5 Collisions...

On Tuesday 04 December 2007 09:40:58 am Eygene Ryabinkin wrote:
> Matt, good day.
>
> Tue, Dec 04, 2007 at 09:19:58AM -0500, Matt Piechota wrote:
> > Norberto Meijome wrote:
> > > I understand that the final nail in MD5's coffin hasn't been found
> > > yet (ie, we cannot "determine the exact original input given a
> > > hash value"), but the fact that certain magic bytes can be found
> > > (rather quickly) so that any 2 given binaries end up as collisions
> > > seems, from my unlearned POV, more serious or sinister than what
> > > the text above implies.
> >
> > I think the big mitigating factor is that you can't easily generate a
> > message that has the same length as the original as well as the same
> > hash.
>
> No, read Kaminsky's paper (http://www.doxpara.com/md5_someday.pdf):
> with Wong's and Joux's multicollision attack (or its extensions)
> one can generate files with the same sizes and MD5 hashes.
>
> The usefulness of this with application to the ports collection
> is questionable, since you should make two colliding archives and
> both of them should be unpackable and the second should do some
> evil things. But strictly speaking, there are attacks producing
> files with the same size and MD5 hash.
>
> http://www.cits.rub.de/MD5Collisions/ is also a good reading.

It's not really questionable....for all practical purposes it's worthless. In
order to generate meaningful same-length collisions you need control of the
original file. (Your links go to lengths to explain this...) In the case of
a ports distfile if you have control of the original file you really don't
need to go to great lengths to generate collisions, you can simply toss your
malicious content in there right from the get go.

--
Thanks,

Josh Paetzel

PGP: 8A48 EF36 5E9F 4EDA 5A8C 11B4 26F9 01F1 27AF AECB
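Added example, not part of the original message: the asymmetry behind the point about needing control of the original file, shown on MD5 truncated to 32 bits so it finishes in about a second. The names `tmd5`, `candidate`, `ORIGINAL` and `BUDGET` are made up for this sketch, and the truncation is a toy that says nothing new about full 128-bit MD5.

```python
import hashlib

BITS = 32          # toy digest width (assumption for the demo); real MD5 is 128 bits
BUDGET = 400_000   # hash evaluations allowed per search

def tmd5(data: bytes) -> int:
    """MD5 truncated to BITS bits: a toy stand-in, not a break of full MD5."""
    return int.from_bytes(hashlib.md5(data).digest()[:BITS // 8], "big")

def candidate(i: int) -> bytes:
    """Fixed-length 16-byte input, so any match is also a same-size match."""
    return b"blob-%011d" % i

def find_collision(budget: int):
    """Both inputs are chosen by the searcher: birthday bound, ~2**(BITS/2) work."""
    seen = {}
    for i in range(budget):
        h = tmd5(candidate(i))
        if h in seen:
            return candidate(seen[h]), candidate(i), i + 1
        seen[h] = i
    return None

def find_second_preimage(target: bytes, budget: int):
    """The target was fixed by someone else: ~2**BITS work, no birthday shortcut."""
    want = tmd5(target)
    for i in range(budget):
        m = candidate(i)
        if m != target and tmd5(m) == want:
            return m, i + 1
    return None

# Constructed 16-byte stand-in for a file the searcher did not author.
ORIGINAL = b"upstream-distfil"

if __name__ == "__main__":
    a, b, tries = find_collision(BUDGET)
    print(f"collision after {tries} hashes: {a!r} / {b!r} -> {tmd5(a):08x}")
    hit = find_second_preimage(ORIGINAL, BUDGET)
    print("second preimage within the same budget:", hit)
```

The same budget that yields a pair of colliding inputs does not yield a match for a file someone else fixed in advance, and the gap widens exponentially at the full digest width.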