From owner-freebsd-security@FreeBSD.ORG  Thu Aug 19 00:22:34 2004
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 2D9DF16A4CE
	for <freebsd-security@freebsd.org>;
	Thu, 19 Aug 2004 00:22:34 +0000 (GMT)
Received: from cactus.fi.uba.ar (cactus.fi.uba.ar [157.92.49.108])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 765DF43D31
	for <freebsd-security@freebsd.org>;
	Thu, 19 Aug 2004 00:22:33 +0000 (GMT)
	(envelope-from fgleiser@cactus.fi.uba.ar)
Received: from localhost (localhost [127.0.0.1])
	by cactus.fi.uba.ar (8.12.11/8.12.11) with ESMTP id i7J0N7YQ030724;
	Wed, 18 Aug 2004 21:23:07 -0300 (ART)
	(envelope-from fgleiser@cactus.fi.uba.ar)
Date: Wed, 18 Aug 2004 21:23:07 -0300 (ART)
From: Fernando Gleiser <fgleiser@cactus.fi.uba.ar>
To: Chris Doherty <chris-freebsd@randomcamel.net>
In-Reply-To: <20040818205440.GL9800@zot.electricrain.com>
Message-ID: <20040818211706.D25438@cactus.fi.uba.ar>
References: <200408181724.i7IHORYl013375@bunrab.catwhisker.org>
	<20040818175804.GI346@cowbert.net> <41239B0C.1000703@rdslink.ro>
	<20040818205440.GL9800@zot.electricrain.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Spam-Score: -104.901 () BAYES_00,USER_IN_WHITELIST
X-Scanned-By: MIMEDefang 2.42
cc: freebsd-security@freebsd.org
Subject: Re: Report of collision-generation with MD5
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Aug 2004 00:22:34 -0000

On Wed, 18 Aug 2004, Chris Doherty wrote:

>
> well, technically you're not "reversing the hash": you can't re-create a
> message from its hash, because the information is simply gone--digesting
> algorithms are massively lossy by definition. that is, you can't take a
> 128-bit MD5 hash and recover the original 2-megabyte message, which makes
> sense.
>
> what you can do, if you have a proper attack formula, is find *a* message
> that produces *that one hash*. that is, if I have message M which produces
> hash H, I can use the attack to find *a* message M' which will also
> produce hash H.

There are (potentially) infinite inputs and just 2^128 outputs, so you
can always (given enough time and/or horsepower) greate a colision.

The problem is you need to create a message M' such that it is similar
enough to the original one so the recipient gets fooled he got
the original one. I think the odds of backdooring a source code file
and modifying it so it hashes to the same value are very small.



			Fer