From owner-freebsd-security@FreeBSD.ORG Wed Aug 18 20:54:44 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2AC9716A4CE for ; Wed, 18 Aug 2004 20:54:44 +0000 (GMT) Received: from electricrain.com (electricrain.com [64.71.143.226]) by mx1.FreeBSD.org (Postfix) with ESMTP id D110143D1D for ; Wed, 18 Aug 2004 20:54:43 +0000 (GMT) (envelope-from fuzzy@electricrain.com) Received: (qmail 15744 invoked by uid 540); 18 Aug 2004 20:54:41 -0000 Date: Wed, 18 Aug 2004 13:54:41 -0700 From: Chris Doherty To: freebsd-security@freebsd.org Message-ID: <20040818205440.GL9800@zot.electricrain.com> References: <200408181724.i7IHORYl013375@bunrab.catwhisker.org> <20040818175804.GI346@cowbert.net> <41239B0C.1000703@rdslink.ro> <20040818182957.GK346@cowbert.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20040818182957.GK346@cowbert.net> User-Agent: Mutt/1.4i X-Operating-System: XEmacs X-Koan: mu. X-Message-Flag: This message contains absolutely no malicious code. Organization: The Inside Foundation Subject: Re: Report of collision-generation with MD5 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: chris-freebsd@randomcamel.net List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Aug 2004 20:54:44 -0000 On Wed, Aug 18, 2004 at 02:29:57PM -0400, Peter C. Lai said: > On Wed, Aug 18, 2004 at 09:08:12PM +0300, Claudiu wrote: > > hello, > > > > please explain what do you mean by "reverse the hash". Is this the > > recreation of the originial message from its hash ? > > The short answer is yes. The slightly longer answer is that such is only one > specific case. The general case is that the digest should not reveal any > information about the original message. well, technically you're not "reversing the hash": you can't re-create a message from its hash, because the information is simply gone--digesting algorithms are massively lossy by definition. that is, you can't take a 128-bit MD5 hash and recover the original 2-megabyte message, which makes sense. what you can do, if you have a proper attack formula, is find *a* message that produces *that one hash*. that is, if I have message M which produces hash H, I can use the attack to find *a* message M' which will also produce hash H. I suppose the possibility exists that M' will equal the original M, but I'd speculate that the odds are remarkably small. chris ------------------------------- Chris Doherty chris [at] randomcamel.net "I think," said Christopher Robin, "that we ought to eat all our provisions now, so we won't have so much to carry." -- A. A. Milne -------------------------------