MD5 Collisions Made Easy - Linux

This is a discussion on MD5 Collisions Made Easy - Linux ; * Peter Köhlmann peremptorily fired off this memo: > Hadron wrote: >> >> So you were a clueless idiot when you told us swapfiles were no where >> near as efficient as partitions in modern kernels? Or that you can ...

+ Reply to Thread
Page 2 of 2 FirstFirst 1 2
Results 21 to 37 of 37

Thread: MD5 Collisions Made Easy

  1. Re: MD5 Collisions Made Easy

    * Peter Köhlmann peremptorily fired off this memo:

    > Hadron wrote:
    >>
    >> So you were a clueless idiot when you told us swapfiles were no where
    >> near as efficient as partitions in modern kernels? Or that you can not
    >> see AA working on a snapshot image?

    >
    > Leave it to Hadron Quark to "defend" clueless nimwits with something which
    > has *nothing* at all to do with the subject at hand, even if it were true
    >
    > Well done, "true linux advocate" Hadron Quark. Showing your true colours
    > again in all their "glory"


    Just be glad he didn't show his "glory hole".

    --
    The idea that Bill Gates has appeared like a knight in shining armour to lead
    all customers out of a mire of technological chaos neatly ignores the fact that
    it was he who, by peddling second-rate technology, led them into it in the
    first place.
    -- Douglas Adams

  2. Re: MD5 Collisions Made Easy

    On Wed, 18 Jun 2008 17:30:23 +0200, Hadron wrote:

    > Linonut writes:
    >
    >> * Peter Köhlmann peremptorily fired off this memo:
    >>
    >>> This is old news, and it does not help MD5-dennis cause a tiny little bit.
    >>> He is, and remains, a completely clueless nimwit, worthy to run Vista

    >>
    >> He's baaaaaa-aaaaaack!

    >
    > We know you've become Roy's sheep but no need to make the same noises.


    It's sad watching a train wreck like Linonut....
    Someday he will realize that Schestowitz conned him, and the rest of COLA.

    That day is growing nearer......

    Schestowitz pisses people off.
    it comes naturally to him.

    What he hasn't counted on is that these people, who know what he is up to,
    are starting to become disenchanted with him and his narcissistic attitude.

    I knew it was only a matter of time, and now that time is close.

    That's the beauty of using a real email address, unlike many of the Linux
    loons.

    Don't touch that dial!


    --
    Moshe Goldfarb
    Collector of soaps from around the globe.
    Please visit The Hall of Linux Idiots:
    http://linuxidiots.blogspot.com/

  3. Re: MD5 Collisions Made Easy

    "Moshe Goldfarb." writes:

    > On Wed, 18 Jun 2008 17:30:23 +0200, Hadron wrote:
    >
    >> Linonut writes:
    >>
    >>> * Peter Köhlmann peremptorily fired off this memo:
    >>>
    >>>> This is old news, and it does not help MD5-dennis cause a tiny little bit.
    >>>> He is, and remains, a completely clueless nimwit, worthy to run Vista
    >>>
    >>> He's baaaaaa-aaaaaack!

    >>
    >> We know you've become Roy's sheep but no need to make the same noises.

    >
    > It's sad watching a train wreck like Linonut....
    > Someday he will realize that Schestowitz conned him, and the rest of COLA.
    >
    > That day is growing nearer......
    >
    > Schestowitz pisses people off.
    > it comes naturally to him.
    >
    > What he hasn't counted on is that these people, who know what he is up to,
    > are starting to become disenchanted with him and his narcissistic
    > attitude.


    Peter Köhlmann admitted it today. But I give Peter his due - despite his
    mistakes (and we all make them) he used to stand his corner without the
    need for killfiles. Plus he hates Mark Kent which can't be all bad either.

  4. Re: MD5 Collisions Made Easy

    Linonut writes:

    > * Peter Köhlmann peremptorily fired off this memo:
    >
    >> Hadron wrote:
    >>>
    >>> So you were a clueless idiot when you told us swapfiles were no where
    >>> near as efficient as partitions in modern kernels? Or that you can not
    >>> see AA working on a snapshot image?

    >>
    >> Leave it to Hadron Quark to "defend" clueless nimwits with something which
    >> has *nothing* at all to do with the subject at hand, even if it were
    >> true


    It was true. Kudos for not denying YOUR mistakes.

    >>
    >> Well done, "true linux advocate" Hadron Quark. Showing your true colours
    >> again in all their "glory"

    >
    > Just be glad he didn't show his "glory hole".


    I guess you would know more about them Liarnut, keeping in mind I had to
    Google what they were. Was that you?!?!?!?

    --
    "Ignore the forging nym-shifting troll who pretends to be chrisv! I'm the *REAL* chrisv!"
    chrisv, COLA.

  5. Re: MD5 Collisions Made Easy

    Peter Köhlmann wrote:

    > Windows: Because everyone needs a good laugh!


    Signed, Dumbkopf
    Lifelong Windows Developer
    Pretend Linux Advocate
    Very Tense Hypocrite



  6. Re: MD5 Collisions Made Easy

    In article <6tv5blcgjrw4.dlg@funkenbusch.com>,
    Erik Funkenbusch wrote:
    > Modifying the original file makes no sense, because the goal of the exploit
    > is to replace the original file with a new one with the same MD5.


    Fortunately, that goal is not at present obtainable.

    To obtain that goal, you have to be able to solve this problem:

    Given an MD5 sum, such as 0bdc54bfed7883b7b294359861e294d0, find a
    file that has MD5 sum.

    (Actually, you need to solve an even harder problem, as for a "replace
    the ISO" attack, it won't do to just come up with any old file that
    matches the MD5 sum of the target. It has to also be a file useful to
    your attack).

    Best solution known for that is still brute force.

    The problem that has been solved for MD5 is this:

    Efficiently generate two files that have the same MD5 sum.

    Note that you do NOT get to pick that MD5 sum.

    --
    --Tim Smith

  7. Re: MD5 Collisions Made Easy

    On Wed, 18 Jun 2008 21:52:35 +0200, Hadron wrote:

    > Peter Köhlmann writes:
    >
    >> Erik Funkenbusch wrote:
    >>
    >>> On Wed, 18 Jun 2008 11:23:07 -0700, Tim Smith wrote:
    >>>
    >>>> In article ,
    >>>> Erik Funkenbusch wrote:
    >>>>> On Wed, 18 Jun 2008 15:36:27 +0200, Peter Köhlmann wrote:
    >>>>>
    >>>>>> Good. Now explain how that would enable any "forging" of ISOs
    >>>>>>
    >>>>>> Nobody claimed that there are no colision attacks possible on MD5. They
    >>>>>> are.
    >>>>>>
    >>>>>> Problem is: You need to control both files (the "untampered" one *and*
    >>>>>> the "tampered" one) to successfully forge MD5 hashes.
    >>>>>
    >>>>> No you don't. You need only replace the ISO with a different ISO that's
    >>>>> been specially designed to create the same MD5 hash as the original ISO.
    >>>>>
    >>>>> The way the hash collision exploits work is that you take an arbitrary
    >>>>> file and add data to it to create a file that generates the same MD5 as
    >>>>> a
    >>>>> different file. This used to be considered too difficult to be
    >>>>> plausible, but it's not anymore.
    >>>>
    >>>> I believe that is not quite correct. You have to add data to *both*
    >>>> files. Given an existing file, that you cannot modify, generating
    >>>> another file that has the same MD5 hash is still infeasible.
    >>>>
    >>>> So, exploiting MD5 is not as easy as just grabbing an ISO, and making
    >>>> your malware version and tweaking that to match the MD5. You have to be
    >>>> more subtle.
    >>>
    >>> That makes no sense. You don't need to add data to the original file
    >>> because it's already got the correct MD5, the whole point of the exploit
    >>> is to create a new file that contains arbitrary data that has the same
    >>> MD5. Then you replace the original file with your new one and nobody is
    >>> the wiser because the MD5 has stayed the same.

    >>
    >> Poor Erik. Should you now call yourself "Otto Kaiser" because you are so
    >> utterly clueless or will "Funkenbusch" still do?

    >
    > He's back. And he's angry!
    >
    > God bless the Germans and their patience with others!
    >
    > Rick and Roy will be getting all excited now the heavy cavalry is back
    > in town with Sabre swinging and pointy helmet firmly fixed on top of his
    > humongus anti-aliased head!


    You owe me a cup of cafe!
    ROTFLMAO!

    --
    Moshe Goldfarb
    Collector of soaps from around the globe.
    Please visit The Hall of Linux Idiots:
    http://linuxidiots.blogspot.com/

  8. Re: MD5 Collisions Made Easy

    On Wed, 18 Jun 2008 22:55:39 +0200, Peter Köhlmann wrote:


    >> Conclusion - Our presented algorithm together with new conditions we've
    >> found allows us to find full MD5collisions in only minutes on a 3Ghz
    >> Pentium4. We have shown that the initial value for theattack can have a
    >> significant impact in the average complexity of MD5 collision finding.
    >> Using2 conditions on the initial value to avoid very hard situations we
    >> reduce our average running timeto 67 seconds. Also with reasonable
    >> probability a collision can be found in mere seconds, which allows
    >> collision finding during a protocol execution."
    >>

    >
    > You posted it yourself, naturally without the tiniest shred of understanding
    > it.
    > It mentioned "collisions". Now do yourself a favour. Read up on "collision
    > attacks" on MD5. And what they constitute.
    >
    > Hint: It is not anything near what you think they are. Don't be another Otto
    > Kaiser. Or another Erik Funkenbusch. Or another MD5-dennis.
    >
    > There are enough clueless nimwits running vista around. No neeed to add
    > another one


    Who the hell is Otto Kaiser?

    Is he related to Kaiser Wilhelm?

    --
    Moshe Goldfarb
    Collector of soaps from around the globe.
    Please visit The Hall of Linux Idiots:
    http://linuxidiots.blogspot.com/

  9. Re: MD5 Collisions Made Easy

    On Thu, 19 Jun 2008 05:01:07 +0200, Hadron wrote:

    > "Moshe Goldfarb." writes:
    >
    >> On Wed, 18 Jun 2008 17:30:23 +0200, Hadron wrote:
    >>
    >>> Linonut writes:
    >>>
    >>>> * Peter Köhlmann peremptorily fired off this memo:
    >>>>
    >>>>> This is old news, and it does not help MD5-dennis cause a tiny little bit.
    >>>>> He is, and remains, a completely clueless nimwit, worthy to run Vista
    >>>>
    >>>> He's baaaaaa-aaaaaack!
    >>>
    >>> We know you've become Roy's sheep but no need to make the same noises.

    >>
    >> It's sad watching a train wreck like Linonut....
    >> Someday he will realize that Schestowitz conned him, and the rest of COLA.
    >>
    >> That day is growing nearer......
    >>
    >> Schestowitz pisses people off.
    >> it comes naturally to him.
    >>
    >> What he hasn't counted on is that these people, who know what he is up to,
    >> are starting to become disenchanted with him and his narcissistic
    >> attitude.

    >
    > Peter Köhlmann admitted it today. But I give Peter his due - despite his
    > mistakes (and we all make them) he used to stand his corner without the
    > need for killfiles. Plus he hates Mark Kent which can't be all bad either.


    The thing about Peter Köhlmann is that he is not a hypocrite in the sense
    of Mark and Roy. What you see is what you get and he stands his ground.
    While he makes silly mistakes now and then, I give him credit for at least
    admitting he programs for Windows and at the same time not getting on a
    pedestal like Kent, expecting others to give their work away for free.

    I consider Peter a decent Linux advocate at least to the point that he uses
    the group, for the most, as a place for discussion instead of a SPAM trap
    like others do.




    --
    Moshe Goldfarb
    Collector of soaps from around the globe.
    Please visit The Hall of Linux Idiots:
    http://linuxidiots.blogspot.com/

  10. Re: MD5 Collisions Made Easy

    Hadron wrote:

    > "Moshe Goldfarb." writes:
    >
    >> On Wed, 18 Jun 2008 17:30:23 +0200, Hadron wrote:
    >>
    >>> Linonut writes:
    >>>
    >>>> * Peter Köhlmann peremptorily fired off this memo:
    >>>>
    >>>>> This is old news, and it does not help MD5-dennis cause a tiny little
    >>>>> bit. He is, and remains, a completely clueless nimwit, worthy to run
    >>>>> Vista
    >>>>
    >>>> He's baaaaaa-aaaaaack!
    >>>
    >>> We know you've become Roy's sheep but no need to make the same noises.

    >>
    >> It's sad watching a train wreck like Linonut....
    >> Someday he will realize that Schestowitz conned him, and the rest of
    >> COLA.
    >>
    >> That day is growing nearer......
    >>
    >> Schestowitz pisses people off.
    >> it comes naturally to him.
    >>
    >> What he hasn't counted on is that these people, who know what he is up
    >> to, are starting to become disenchanted with him and his narcissistic
    >> attitude.

    >
    > Peter Köhlmann admitted it today.


    I have not "admitted" anything about Roy. I have repeatedly stated that I
    don't like this kind of posts, which just put pro-linux articles into cola
    without adding his own view on them. I also have repeatedly stated that
    although I don't like them, he should continue with them as you wintrolls
    have not found a way to counter them, except by flooding the group with
    drivel. Which kind of gives away that you guys are helpless and screaming
    with rage because of it (just look at the massive flood of pure junk posted
    by DFS. Not a single intelligent word in it)

    > But I give Peter his due - despite his
    > mistakes (and we all make them) he used to stand his corner without the
    > need for killfiles.


    Wrong. I use killfiles in other groups. And I have a killfile of two entries
    (currently) for cola. Inhabitants of that are "cc" and "Snot", both for
    being incredible dishonest filth. They are in it for lifetime, and I will
    not even see their drivel except when quoted

    > Plus he hates Mark Kent which can't be all bad either.


    I do not "hate" Mark Kent. He is a hothead with an agenda I can only think
    of as completely wrong (GPL3), and he is one of those guys who "know better
    than the rest and will decide for them what is good for the world".
    I deeply despise that attitude. Nobody is going to decide what is good for
    me except myself

    Well, and you are equally a disgrace to humankind, you are not really any
    better than filth like Snot or flatfish. Mark Kent at least tries (with the
    wrong attitude) to make things better. You and your ilk try to make things
    worse for everyone. Mark Kent (mostly) tries to be honest. You (and
    flatfish, Snot, DFS and other assorted trolls) don't even try to be honest.
    You guys are deeply dishonest in all your posts
    --
    Lord, grant me the serenity to accept the things I can not change,
    the courage to change the things I can, and the wisdom to hide the
    bodies of those I had to kill because they pissed me off.


  11. Re: MD5 Collisions Made Easy

    On Thu, 19 Jun 2008 07:58:00 +0200, Peter Köhlmann wrote:

    > Hadron wrote:
    >
    >> "Moshe Goldfarb." writes:
    >>
    >>> On Wed, 18 Jun 2008 17:30:23 +0200, Hadron wrote:
    >>>
    >>>> Linonut writes:
    >>>>
    >>>>> * Peter Köhlmann peremptorily fired off this memo:
    >>>>>
    >>>>>> This is old news, and it does not help MD5-dennis cause a tiny little
    >>>>>> bit. He is, and remains, a completely clueless nimwit, worthy to run
    >>>>>> Vista
    >>>>>
    >>>>> He's baaaaaa-aaaaaack!
    >>>>
    >>>> We know you've become Roy's sheep but no need to make the same noises.
    >>>
    >>> It's sad watching a train wreck like Linonut....
    >>> Someday he will realize that Schestowitz conned him, and the rest of
    >>> COLA.
    >>>
    >>> That day is growing nearer......
    >>>
    >>> Schestowitz pisses people off.
    >>> it comes naturally to him.
    >>>
    >>> What he hasn't counted on is that these people, who know what he is up
    >>> to, are starting to become disenchanted with him and his narcissistic
    >>> attitude.

    >>
    >> Peter Köhlmann admitted it today.

    >
    > I have not "admitted" anything about Roy. I have repeatedly stated that I
    > don't like this kind of posts, which just put pro-linux articles into cola
    > without adding his own view on them. I also have repeatedly stated that
    > although I don't like them, he should continue with them as you wintrolls
    > have not found a way to counter them, except by flooding the group with
    > drivel. Which kind of gives away that you guys are helpless and screaming
    > with rage because of it (just look at the massive flood of pure junk posted
    > by DFS. Not a single intelligent word in it)


    Why bother countering Schestowitz's idiocy, except in cases where he is
    completely incorrect?

    Schestowitz is his own worst enemy.
    The other groups he posts in have figured this out a long time ago.
    The more Roy Schestowitz continues his campaign of idiocy, misleading
    subject lines and paranoid conspiracy theories, the worse he makes himself
    look.
    No additional work is required to make him look like an idiot because he
    does all the work himself.



    >> But I give Peter his due - despite his
    >> mistakes (and we all make them) he used to stand his corner without the
    >> need for killfiles.

    >
    > Wrong. I use killfiles in other groups. And I have a killfile of two entries
    > (currently) for cola. Inhabitants of that are "cc" and "Snot", both for
    > being incredible dishonest filth. They are in it for lifetime, and I will
    > not even see their drivel except when quoted


    I have one person scored down, that idiot Doug Mental and his nyms.

    >> Plus he hates Mark Kent which can't be all bad either.

    >
    > I do not "hate" Mark Kent. He is a hothead with an agenda I can only think
    > of as completely wrong (GPL3), and he is one of those guys who "know better
    > than the rest and will decide for them what is good for the world".
    > I deeply despise that attitude. Nobody is going to decide what is good for
    > me except myself
    >
    > Well, and you are equally a disgrace to humankind, you are not really any
    > better than filth like Snot or flatfish. Mark Kent at least tries (with the
    > wrong attitude) to make things better. You and your ilk try to make things
    > worse for everyone. Mark Kent (mostly) tries to be honest. You (and
    > flatfish, Snot, DFS and other assorted trolls) don't even try to be honest.
    > You guys are deeply dishonest in all your posts


    I don't hate anyone in this group including Mark Kent.
    I just feel he is a massive hypocrite and an idiot on top of that.
    And he is far from honest BTW but mostly because i suspect he really
    believes the BS he posts and not that he is lying on purpose.
    At least I hope it's that way. Doesn't matter to me though.

    Schestowitz is the most dishonest person in the group and all it takes is
    one day of checking his posts to come to that conclusion.


    --
    Moshe Goldfarb
    Collector of soaps from around the globe.
    Please visit The Hall of Linux Idiots:
    http://linuxidiots.blogspot.com/

  12. Re: MD5 Collisions Made Easy

    On Jun 19, 1:58*am, Peter Köhlmann wrote:
    > Hadron wrote:
    > > "Moshe Goldfarb." writes:

    >
    > >> On Wed, 18 Jun 2008 17:30:23 +0200, Hadron wrote:

    >
    > >>> Linonut writes:

    >
    > >>>> * Peter Köhlmann peremptorily fired off this memo:

    >
    > >>>>> This is old news, and it does not help MD5-dennis cause a tiny little
    > >>>>> bit. He is, and remains, a completely clueless nimwit, worthy to run
    > >>>>> Vista

    >
    > >>>> He's baaaaaa-aaaaaack!

    >
    > >>> We know you've become Roy's sheep but no need to make the same noises..

    >
    > >> It's sad watching a train wreck like Linonut....
    > >> Someday he will realize that Schestowitz conned him, and the rest of
    > >> COLA.

    >
    > >> That day is growing nearer......

    >
    > >> Schestowitz pisses people off.
    > >> it comes naturally to him.

    >
    > >> What he hasn't counted on is that these people, who know what he is up
    > >> to, are starting to become disenchanted with him and his narcissistic
    > >> attitude.

    >
    > > Peter Köhlmann admitted it today.

    >
    > I have not "admitted" anything about Roy. I have repeatedly stated that I
    > don't like this kind of posts, which just put pro-linux articles into cola
    > without adding his own view on them. I also have repeatedly stated that
    > although I don't like them, he should continue with them as you wintrolls
    > have not found a way to counter them, except by flooding the group with
    > drivel. Which kind of gives away that you guys are helpless and screaming
    > with rage because of it (just look at the massive flood of pure junk posted
    > by DFS. Not a single intelligent word in it)
    >
    > > But I give Peter his due - despite his
    > > mistakes (and we all make them) he used to stand his corner without the
    > > need for killfiles.

    >
    > Wrong. I use killfiles in other groups. And I have a killfile of two entries
    > (currently) for cola. Inhabitants of that are "cc" and "Snot", both for
    > being incredible dishonest filth. They are in it for lifetime, and I will
    > not even see their drivel except when quoted
    >


    Well if posting fundemental facts makes me dishonest filth, then
    guilty as charged. I love you too, Petey!

  13. Re: MD5 Collisions Made Easy

    On Wed, 18 Jun 2008 12:58:50 -0700, Tim Smith
    wrote:

    >In article ,
    > OK wrote:
    >> >
    >> >I believe that is not quite correct. You have to add data to *both*
    >> >files. Given an existing file, that you cannot modify, generating
    >> >another file that has the same MD5 hash is still infeasible.

    >>
    >> Do some research before spouting nonsense. You might even stumble upon
    >> small read-made compiled utilities that will make *any* file match
    >> *any* MD5.

    >
    >Interesting that those utilities have *completely* escaped the notice of
    >the cryptographic community. The state of the art currently allows
    >generating pairs of files with matching MD5 sums.


    I forgot that your current notion of "state of the art" is stuck
    somewhere in the '70, sorry.

    Now Google MD5 collision generator when you get a chance.

  14. Re: MD5 Collisions Made Easy

    On Wed, 18 Jun 2008 21:39:20 +0200, Peter Köhlmann
    wrote:

    >OK wrote:
    >
    >> On Wed, 18 Jun 2008 11:23:07 -0700, Tim Smith
    >> wrote:
    >>
    >>>In article ,
    >>> Erik Funkenbusch wrote:
    >>>> On Wed, 18 Jun 2008 15:36:27 +0200, Peter Köhlmann wrote:
    >>>>
    >>>> > Good. Now explain how that would enable any "forging" of ISOs
    >>>> >
    >>>> > Nobody claimed that there are no colision attacks possible on MD5.
    >>>> > They are.
    >>>> >
    >>>> > Problem is: You need to control both files (the "untampered" one *and*
    >>>> > the "tampered" one) to successfully forge MD5 hashes.
    >>>>
    >>>> No you don't. You need only replace the ISO with a different ISO that's
    >>>> been specially designed to create the same MD5 hash as the original ISO.
    >>>>
    >>>> The way the hash collision exploits work is that you take an arbitrary
    >>>> file and add data to it to create a file that generates the same MD5 as
    >>>> a
    >>>> different file. This used to be considered too difficult to be
    >>>> plausible, but it's not anymore.
    >>>
    >>>I believe that is not quite correct. You have to add data to *both*
    >>>files. Given an existing file, that you cannot modify, generating
    >>>another file that has the same MD5 hash is still infeasible.

    >>
    >> Do some research before spouting nonsense. You might even stumble upon
    >> small read-made compiled utilities that will make *any* file match
    >> *any* MD5.

    >
    >Fine. As you are so adept at finding stuff like that, you will certainly
    >point the "mere mortals" to those "fairy dust tools"


    Use Google.

    >>>
    >>>So, exploiting MD5 is not as easy as just grabbing an ISO, and making
    >>>your malware version and tweaking that to match the MD5. You have to be
    >>>more subtle.

    >>
    >> No you don't. Script kiddies can do it.

    >
    >Oh gods, Otto Kaiser is still around to show that, when you think it can't
    >get any dumber, he proves that it well can be


  15. Re: MD5 Collisions Made Easy

    On Thu, 19 Jun 2008 11:29:50 +0200, "KUTLOZE SCHEEFGEPOEPTE"
    wrote:

    >"Peter Köhlmann" schreef in bericht
    >news:48596468$0$6545$9b4e6d93@newsspool3.arcor-online.net...
    >> OK wrote:
    >>
    >>> On Wed, 18 Jun 2008 11:23:07 -0700, Tim Smith
    >>> wrote:
    >>>
    >>>>In article ,
    >>>> Erik Funkenbusch wrote:
    >>>>> On Wed, 18 Jun 2008 15:36:27 +0200, Peter Köhlmann wrote:
    >>>>>
    >>>>> > Good. Now explain how that would enable any "forging" of ISOs
    >>>>> >
    >>>>> > Nobody claimed that there are no colision attacks possible on MD5.
    >>>>> > They are.
    >>>>> >
    >>>>> > Problem is: You need to control both files (the "untampered" one
    >>>>> > *and*
    >>>>> > the "tampered" one) to successfully forge MD5 hashes.
    >>>>>
    >>>>> No you don't. You need only replace the ISO with a different ISO
    >>>>> that's
    >>>>> been specially designed to create the same MD5 hash as the original
    >>>>> ISO.
    >>>>>
    >>>>> The way the hash collision exploits work is that you take an arbitrary
    >>>>> file and add data to it to create a file that generates the same MD5 as
    >>>>> a
    >>>>> different file. This used to be considered too difficult to be
    >>>>> plausible, but it's not anymore.
    >>>>
    >>>>I believe that is not quite correct. You have to add data to *both*
    >>>>files. Given an existing file, that you cannot modify, generating
    >>>>another file that has the same MD5 hash is still infeasible.
    >>>
    >>> Do some research before spouting nonsense. You might even stumble upon
    >>> small read-made compiled utilities that will make *any* file match
    >>> *any* MD5.

    >>

    >
    >
    >Please explain, why your still here, you less than ****ing useless penile
    >wart.


    Just Google MD5 collision generator and you will be less of an idiot
    in about 0.2s

  16. Re: MD5 Collisions Made Easy

    OK wrote:

    > On Wed, 18 Jun 2008 21:39:20 +0200, Peter Köhlmann
    > wrote:
    >
    >>OK wrote:
    >>
    >>> On Wed, 18 Jun 2008 11:23:07 -0700, Tim Smith
    >>> wrote:
    >>>
    >>>>In article ,
    >>>> Erik Funkenbusch wrote:
    >>>>> On Wed, 18 Jun 2008 15:36:27 +0200, Peter Köhlmann wrote:
    >>>>>
    >>>>> > Good. Now explain how that would enable any "forging" of ISOs
    >>>>> >
    >>>>> > Nobody claimed that there are no colision attacks possible on MD5.
    >>>>> > They are.
    >>>>> >
    >>>>> > Problem is: You need to control both files (the "untampered" one
    >>>>> > *and* the "tampered" one) to successfully forge MD5 hashes.
    >>>>>
    >>>>> No you don't. You need only replace the ISO with a different ISO
    >>>>> that's been specially designed to create the same MD5 hash as the
    >>>>> original ISO.
    >>>>>
    >>>>> The way the hash collision exploits work is that you take an arbitrary
    >>>>> file and add data to it to create a file that generates the same MD5
    >>>>> as a
    >>>>> different file. This used to be considered too difficult to be
    >>>>> plausible, but it's not anymore.
    >>>>
    >>>>I believe that is not quite correct. You have to add data to *both*
    >>>>files. Given an existing file, that you cannot modify, generating
    >>>>another file that has the same MD5 hash is still infeasible.
    >>>
    >>> Do some research before spouting nonsense. You might even stumble upon
    >>> small read-made compiled utilities that will make *any* file match
    >>> *any* MD5.

    >>
    >>Fine. As you are so adept at finding stuff like that, you will certainly
    >>point the "mere mortals" to those "fairy dust tools"

    >
    > Use Google.
    >



    In short, Otto Kaiser is making stuff up out of full cloth
    What surprise. He is, after all, a worthy windows user. Full of it
    --
    Any idiot can run XP. And usually does.


  17. Re: MD5 Collisions Made Easy

    In article ,
    OK wrote:
    > >> >I believe that is not quite correct. You have to add data to *both*
    > >> >files. Given an existing file, that you cannot modify, generating
    > >> >another file that has the same MD5 hash is still infeasible.
    > >>
    > >> Do some research before spouting nonsense. You might even stumble upon
    > >> small read-made compiled utilities that will make *any* file match
    > >> *any* MD5.

    > >
    > >Interesting that those utilities have *completely* escaped the notice of
    > >the cryptographic community. The state of the art currently allows
    > >generating pairs of files with matching MD5 sums.

    >
    > I forgot that your current notion of "state of the art" is stuck
    > somewhere in the '70, sorry.
    >
    > Now Google MD5 collision generator when you get a chance.


    You are very confused. Given an existing file and its MD5 sum, a
    collision generator is *useless* for solving the problem of generating
    another file with the same MD5 sum as the given file. What a collision
    generator is useful for is generating two new files that have the same
    MD5 sum as each other.

    --
    --Tim Smith

+ Reply to Thread
Page 2 of 2 FirstFirst 1 2