From owner-freebsd-security@FreeBSD.ORG Wed Aug 18 18:08:16 2004
Message-ID: <41239B0C.1000703@rdslink.ro>
Date: Wed, 18 Aug 2004 21:08:12 +0300
From: Claudiu
User-Agent: Mozilla Thunderbird 0.7.3 (X11/20040807)
To: "Peter C. Lai", freebsd-security@freebsd.org
References: <200408181724.i7IHORYl013375@bunrab.catwhisker.org> <20040818175804.GI346@cowbert.net>
In-Reply-To: <20040818175804.GI346@cowbert.net>
Subject: Re: Report of collision-generation with MD5
List-Id: Security issues [members-only posting]

Hello,

Please explain what you mean by "reverse the hash". Is this the recreation of the original message from its hash?

With respect,

Peter C. Lai wrote:
> Well while collisions are cryptographically significant, they don't
> necessarily impact any operational security of the hash. (Since the
> collision merely means that there are possibly two inputs which will hash to
> the same digest). Where this could theoretically mean that someone could
> alter a signed message, we have to look at the chance that what was intended
> to be altered will satisfy the conditions for the collision. The only 'real'
> worry about this issue is that if MD5 is already cryptographically challenged
> in this manner, it may be more possible to find a way to reverse the hash.
>
> You can read the discussion here:
> http://www.rtfm.com/movabletype/archives/2004_08.html#001053
> http://www.rtfm.com/movabletype/archives/2004_03.html#000820
>
> On Wed, Aug 18, 2004 at 10:24:27AM -0700, David Wolfskill wrote:
>
>>Just got a pointer to this via ACM "TechNews Alert" for today:
>>
>>http://www.acm.org/technews/articles/2004-6/0818w.html#item2
>>
>>Seems that "... French computer scientist Antoine Joux reported on
>>Aug. 12 his discovery of a flaw in the MD5 algorithm, which is often
>>used with digital signatures...."
>>
>>There's more in the article cited above.
>>
>>Peace,
>>david
>>--
>>David H. Wolfskill david@catwhisker.org
>>Evidence of curmudgeonliness: becoming irritated with the usage of the
>>word "speed" in contexts referring to quantification of network
>>performance, as opposed to "bandwidth" or "latency."
>>_______________________________________________
>>freebsd-security@freebsd.org mailing list
>>http://lists.freebsd.org/mailman/listinfo/freebsd-security
>>To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
>

--
Claudiu Dragalina-Paraipan
e-mail: dr.clau@rdslink.ro
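The thread turns on the difference between a collision (two inputs with the same digest, which is what the 2004 MD5 results produced) and "reversing the hash" (finding an input for a given digest, a preimage). The following Python script is an added illustration and is not part of the mailing-list thread or of any FreeBSD code. It truncates MD5 to 24 bits (an assumption made only so that the generic attacks finish in seconds; real MD5 is 128 bits), runs a generic birthday collision search and a generic preimage search against the same truncated function, and then shows why a digest collision transfers a hash-then-sign signature from one message to the other. The "signature" is a constructed HMAC over the digest standing in for a real signing primitive; the counter-style messages are constructed inputs. Against the generic bounds (about 2^(n/2) work for a collision versus 2^n for a preimage), the 2004 attacks made full-MD5 collisions far cheaper than 2^64 but said nothing about preimages, which is the point Peter's reply makes.

```python
import hashlib
import hmac
from typing import Dict, Optional, Tuple

# Width of the truncated digest, in bits. Assumption for the demo only:
# real MD5 is 128 bits; 24 bits keeps both generic searches cheap while
# preserving the gap between collision cost (~2^12) and preimage cost (~2^24).
BITS = 24

# Constructed key standing in for a signer's private key (assumption).
SIGNING_KEY = b"constructed-demo-key"


def trunc_md5(msg: bytes, bits: int = BITS) -> int:
    """Return the leading `bits` bits of MD5(msg) as an integer."""
    digest = hashlib.md5(msg).digest()
    return int.from_bytes(digest, "big") >> (128 - bits)


def find_collision(bits: int = BITS) -> Tuple[bytes, bytes, int]:
    """Generic birthday search: enumerate constructed messages until two share
    a truncated digest. Expected cost is about 2^(bits/2) hash calls; the
    pigeonhole principle bounds it at 2^bits + 1. Deterministic enumeration
    makes the result reproducible. Returns (m1, m2, hashes_computed)."""
    seen: Dict[int, bytes] = {}
    i = 0
    while True:
        m = b"msg-%d" % i
        h = trunc_md5(m, bits)
        if h in seen:
            return seen[h], m, i + 1
        seen[h] = m
        i += 1


def find_preimage(target: int, budget: int, bits: int = BITS) -> Tuple[Optional[bytes], int]:
    """Generic preimage search ("reversing the hash"): look for any message
    whose truncated digest equals `target`. Expected cost is about 2^bits hash
    calls, so with budget << 2^bits it almost always fails. Returns
    (message_or_None, hashes_computed)."""
    for i in range(budget):
        m = b"pre-%d" % i
        if trunc_md5(m, bits) == target:
            return m, i + 1
    return None, budget


def sign(msg: bytes, bits: int = BITS) -> bytes:
    """Toy hash-then-sign: the signature covers only the (truncated) digest.
    That is exactly why a digest collision lets a signature be moved from one
    message to another without touching the signing key."""
    h = trunc_md5(msg, bits).to_bytes(16, "big")
    return hmac.new(SIGNING_KEY, h, hashlib.sha256).digest()


def verify(msg: bytes, sig: bytes, bits: int = BITS) -> bool:
    """Recompute the signature over the message's digest and compare."""
    return hmac.compare_digest(sign(msg, bits), sig)


def demo(preimage_budget: int = 2 ** 16) -> Dict[str, object]:
    """Run both generic attacks and the signature-transfer check."""
    m1, m2, coll_work = find_collision()
    sig = sign(m1)                      # signer only ever sees/signs m1
    transferred = verify(m2, sig)       # yet the signature verifies for m2
    pre, pre_work = find_preimage(trunc_md5(m1), preimage_budget)
    return {
        "m1": m1, "m2": m2, "collision_hashes": coll_work,
        "signature_transfers": transferred,
        "preimage_found": pre is not None, "preimage_hashes": pre_work,
    }


if __name__ == "__main__":
    r = demo()
    print("collision:", r["m1"], r["m2"], "after", r["collision_hashes"], "hashes")
    print("signature over m1 verifies for m2:", r["signature_transfers"])
    print("preimage found within budget:", r["preimage_found"],
          "after", r["preimage_hashes"], "hashes")
```

Note what the collision search does and does not give an attacker: the two colliding messages are whatever the enumeration happened to produce, not messages of the attacker's choosing, which is the "will the altered text satisfy the conditions for the collision" caveat in the reply; and the preimage search, the operation Claudiu asks about, is unaffected by how cheap collisions are.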