From owner-freebsd-security@FreeBSD.ORG Wed Aug 18 18:24:33 2004
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3551916A4D0 for <freebsd-security@freebsd.org>; Wed, 18 Aug 2004 18:24:33 +0000 (GMT)
Received: from cowbert.2y.net (d46h180.public.uconn.edu [137.99.46.180]) by mx1.FreeBSD.org (Postfix) with SMTP id 9517E43D53 for <freebsd-security@freebsd.org>; Wed, 18 Aug 2004 18:24:32 +0000 (GMT) (envelope-from sirmoo@cowbert.net)
Received: (qmail 48792 invoked by uid 1001); 18 Aug 2004 18:24:32 -0000
Date: Wed, 18 Aug 2004 14:24:32 -0400
From: "Peter C. Lai" <sirmoo@cowbert.net>
To: Mike Tancsa
Cc: freebsd-security@freebsd.org
Subject: Re: Report of collision-generation with MD5
Message-ID: <20040818182432.GJ346@cowbert.net>
References: <200408181724.i7IHORYl013375@bunrab.catwhisker.org> <20040818175804.GI346@cowbert.net> <6.1.2.0.0.20040818141732.04a6e060@64.7.153.2>
In-Reply-To: <6.1.2.0.0.20040818141732.04a6e060@64.7.153.2>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.6i
List-Id: Security issues [members-only posting]
X-Mailman-Version: 2.1.1
Precedence: list
X-List-Received-Date: Wed, 18 Aug 2004 18:24:33 -0000

On Wed, Aug 18, 2004 at 02:21:18PM -0400, Mike Tancsa wrote:
> At 01:58 PM 18/08/2004, Peter C. Lai wrote:
> >Well while collisions are cryptographically significant, they don't
> >necessarily impact any operational security of the hash. (Since the
> >collision merely means that there are possibly two inputs which will hash
> >to the same digest).
>
> As I have no crypto background to evaluate some of the (potentially wild
> and erroneous) claims being made in the popular press* (eg
> http://news.com.com/2100-1002_3-5313655.html see quote below), one thing
> that comes to mind is the safety of ports.
> If someone can pad an archive
> to come up with the same MD5 hash, this would challenge the security of the
> FreeBSD ports system, no?

Yes, that is the potential worry. But if you step back from cryptography
for a minute and look at information theory, it would only matter if
changes to an archive are meaningful to the attacker. Since I am not an
expert in information theory, I can't calculate how likely it is that a
significant (meaningful content alteration) change to the archive can
result in one which causes a collision. The necessary changes that have to
be made to the archive to generate the same hash may prevent it from being
untar'd or cause the build to break, or something similar. It is probably
still more likely that an attacker would alter an archive and then attempt
to change the reported hash in the INDEX to that of the new hash. Then
again, everything I'm saying is pure speculation.

> * "MD5's flaws that have been identified in the past few days mean that an
> attacker can generate one hash collision in a few hours on a standard PC.
> To write a specific back door and cloak it with the same hash collision may
> be much more time intensive."
>
> ---Mike

-- 
Peter C. Lai
University of Connecticut
Dept. of Molecular and Cell Biology
Yale University School of Medicine SenseLab | Research Assistant
http://cowbert.2y.net/
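As an added illustration (not part of the thread, and not the ports tree's own code), the check below verifies a distfile the way a ports distinfo check does: every recorded line, in the `ALGO (file) = value` format distinfo uses, must match, and a distinfo that records only an MD5 is flagged even when it matches. The sample distfile bytes, the file name `foo-1.0.tar.gz` and the helper names are constructed for the example; the SHA256 and SIZE lines stand for the stronger checks a ports tree can record alongside MD5.

```python
import hashlib
import re

# Constructed sample bytes standing in for a distfile and a tampered copy of it.
GOOD_DISTFILE = b"fake-tarball-contents-v1.0\n"
TAMPERED_DISTFILE = b"fake-tarball-contents-v1.0-with-extra-bytes\n"

# distinfo line format: "ALGO (filename) = value", e.g. "MD5 (foo.tar.gz) = <hex>".
DISTINFO_LINE = re.compile(r"^(\w+) \((.+)\) = (\S+)$")
WEAK_DIGESTS = {"MD5", "SHA1"}

def make_distinfo(name, data, algos=("MD5", "SHA256")):
    """Build distinfo text for `data` with the given digests plus a SIZE line."""
    lines = [f"{a} ({name}) = {hashlib.new(a.lower(), data).hexdigest()}" for a in algos]
    lines.append(f"SIZE ({name}) = {len(data)}")
    return "\n".join(lines) + "\n"

def parse_distinfo(text):
    """Map filename -> {ALGO: recorded value}; unrecognised lines are ignored."""
    entries = {}
    for line in text.splitlines():
        m = DISTINFO_LINE.match(line.strip())
        if m:
            algo, name, value = m.groups()
            entries.setdefault(name, {})[algo.upper()] = value
    return entries

def verify(name, data, distinfo_text):
    """Return (ok, problems). All recorded checks must pass; a collision on
    one digest alone does not help an attacker if another digest or the
    SIZE also has to agree with the altered archive."""
    recorded = parse_distinfo(distinfo_text).get(name)
    if recorded is None:
        return False, [f"{name}: no distinfo entry"]
    problems = []
    for algo, expected in recorded.items():
        if algo == "SIZE":
            actual = str(len(data))
        else:
            actual = hashlib.new(algo.lower(), data).hexdigest()
        if actual != expected:
            problems.append(f"{algo} mismatch")
    # Matching only MD5/SHA1 is reported: the archive may still be a collision.
    if not (set(recorded) - WEAK_DIGESTS - {"SIZE"}):
        problems.append("only weak digests recorded")
    return not problems, problems
```

An archive altered without also editing the distinfo fails every recorded check, which is the scenario the message calls more likely than a meaningful colliding archive.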