Date:      Tue, 4 Dec 2007 11:43:28 -0800
From:      Wes Peters <wes@softweyr.com>
To:        freebsd-security@freebsd.org
Subject:   Re: MD5 Collisions...
Message-ID:  <CC1D3A74-1DEF-4710-A070-A067889FE971@softweyr.com>

Colin Percival asked:

> Norberto Meijome wrote:
>> should some kind of advisory be sent to advise people not to rely
>> solely on MD5 checksums? Maybe an update to the man page is due ? :
>>
>> "
>> MD5 has not yet (2001-09-03) been broken, but sufficient attacks have
>>     been made that its security is in some doubt.  The attacks on MD5 are in
>>     the nature of finding ``collisions'' -- that is, multiple inputs which
>>     hash to the same value; it is still unlikely for an attacker to be able
>>     to determine the exact original input given a hash value.
>> "
>
> I fail to see how the man page is incorrect here.  What do you think it should
> be saying instead?

Nothing.  This is philosophy, which goes far beyond the scope of man  
pages.

As a security researcher, it's fun to spend years poking at a problem  
until you find a way to exploit it, and the meaning doesn't change if  
the exploit takes all of the computing resources that existed in the  
known universe up to last year.  In the real world, these 'attacks'  
have little meaning.

The common uses of MD5 as applied to the average FreeBSD consumer  
consist of adding some amount of assurance that the bits said user  
just downloaded are indeed the bits (s)he wanted to download.  The  
probability of someone compromising one or more servers, replacing the  
compressed tar image with another compressed tar image of the SAME  
LENGTH that is still valid and that manages to do much the same work  
as the original, plus some nefarious additional function, is  
infinitesimally small.

In theory, theory is better than practice, but in practice, it never is.

The one direction the FreeBSD Project should take from this discussion
is that cryptography, like any form of security, is an arms race.
Utilities that use cryptography for protection should plan on being
able to use newer ciphers from the very beginning, because what we have
now will, in practice, NEVER be enough tomorrow, for some tomorrow.

--
            Where am I, and what am I doing in this handbasket?
Wes Peters                                                     wes@softweyr.com
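The closing point, that tools should be able to switch digests from the very beginning, is easy to show in code. The following is an added example, not code from this thread or from FreeBSD's own md5(1)/sha256(1) utilities: a small hash-agile verifier that parses BSD-style digest lines (`ALG (name) = hex`), checks a download against the strongest digest published for it, and refuses to rely on MD5 alone. The algorithm preference list, the `make_checksum_lines` helper and the sample bytes are constructed for the example; swapping in a newer digest later is a one-line change to `PREFERRED`.

```python
"""Hash-agile checksum verification (added example, not FreeBSD's code).

Parses BSD-style digest lines as printed by md5(1)/sha256(1), e.g.
    SHA256 (base.txz) = <hex>
and verifies a file with the strongest digest present, refusing to rely
solely on a deprecated one.  Policy and sample data are constructed.
"""
import hashlib
import hmac
import re

# Constructed policy: strongest first.  Adding a new algorithm later is a
# one-line change here, which is the "plan for newer ciphers" point.
PREFERRED = ("SHA512", "SHA256")
DEPRECATED = ("SHA1", "MD5")

# 'SHA256 (base.txz) = <hex>' as produced by the BSD digest utilities.
LINE_RE = re.compile(
    r"^(?P<alg>[A-Za-z0-9]+) \((?P<name>[^)]+)\) = (?P<hex>[0-9a-fA-F]+)$"
)


def parse_checksum_lines(text):
    """Return {(filename, ALG): hexdigest} from BSD-style digest lines."""
    table = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unparseable checksum line: {line!r}")
        table[(m["name"], m["alg"].upper())] = m["hex"].lower()
    return table


def make_checksum_lines(name, data, algs):
    """Emit digest lines in the same format; used here to build sample input."""
    return "\n".join(
        f"{alg} ({name}) = {hashlib.new(alg.lower(), data).hexdigest()}"
        for alg in algs
    )


def verify(name, data, table):
    """Verify `data` against the strongest digest listed for `name`.

    Returns (matched, algorithm).  Raises ValueError if only deprecated
    digests (or none at all) are listed, so a caller cannot silently end
    up trusting MD5 by itself.
    """
    for alg in PREFERRED:
        expected = table.get((name, alg))
        if expected is not None:
            actual = hashlib.new(alg.lower(), data).hexdigest()
            # constant-time comparison; harmless here but a good habit
            return hmac.compare_digest(actual, expected), alg
    present = [alg for alg in DEPRECATED if (name, alg) in table]
    if present:
        raise ValueError(f"{name}: only deprecated digests available: {present}")
    raise ValueError(f"{name}: no digest listed")


if __name__ == "__main__":
    # Constructed sample: a fake release tarball and its published digests.
    blob = b"not really base.txz, just sample bytes\n" * 100
    good = parse_checksum_lines(
        make_checksum_lines("base.txz", blob, ("MD5", "SHA256"))
    )
    print(verify("base.txz", blob, good))          # (True, 'SHA256')
    print(verify("base.txz", blob + b"x", good))   # (False, 'SHA256')
    legacy = parse_checksum_lines(make_checksum_lines("base.txz", blob, ("MD5",)))
    try:
        verify("base.txz", blob, legacy)
    except ValueError as e:
        print("refused:", e)
```

The MD5 line in the sample is parsed and kept, so older clients still work, but `verify` never selects it while a stronger digest is present, and a checksum file that lists only MD5 is rejected outright rather than accepted with a warning.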