md5 collision - Security


Thread: md5 collision

  1. Re: md5 collision

    Peter Pearson wrote:
    > Pat Farrell wrote:
    >> Based on MD5 in what way? Not in any technical aspect, other
    >> than both were designed to be cryptographically strong hashes.

    >
    > The nature of the mushing, however, is very similar:
    > a dataflow diagram of MD5 looks very much like a dataflow
    > diagram of SHA.


    Sure, they are both basically Feistel ciphers.

    Lots of ciphers are Feistel ciphers, a dataflow diagram
    doesn't show much. Take clear text, smush it some, end up
    with weird garbage looking stuff.

    IDEA, AES, DES, lots look like that.

    > Since SHA-1 appeared to be a very robust design, but has
    > recently been found to be weak, the crypto community is
    > perplexed by the realization that we don't know much about
    > designing hash functions.


    Found to have a flaw is not the same as "weak".
    Which do you mean?

    At some level, all crypto is voodoo.

    --
    Pat



  2. Re: md5 collision

    Ralf Fassel said:
    >* Unruh
    >| b)One cannot create collisions. One can generate two files which
    >| have the same md5 hash. One cannot create a second file with the
    >| same md5 hash as a given file.

    ....
    >| One cannot create a second file with the same md5 hash as a given
    >| file.
    >
    >I just did? Or do you (obviously?) mean 'a second file with different
    >contents than the first one'?


    Yep. So, it has been found out that it is relatively easy (or at least
    much easier than it should have been) to create two distinct files with
    the same MD5 checksum. But only if you create the second file somehow
    based on the first one.

    If you just have the md5 hash, it is still relatively hard to generate
    data which would produce the same hash.
    --
    Wolf a.k.a. Juha Laiho Espoo, Finland
    (GC 3.0) GIT d- s+: a C++ ULSH++++$ P++@ L+++ E- W+$@ N++ !K w !O !M V
    PS(+) PE Y+ PGP(+) t- 5 !X R !tv b+ !DI D G e+ h---- r+++ y++++
    "...cancel my subscription to the resurrection!" (Jim Morrison)

  3. Re: md5 collision

    Peter Pearson wrote:

    > matt_left_coast wrote:
    >
    >> Unruh wrote:
    >>
    >>>>When dealing with the first case, you create the first of the two files,
    >>>>then the file IS known. Then you would be dealing with the second case.
    >>>
    >>> But you have to create them together. You cannot create one and then
    >>> make another which has the same md5.

    >>
    >> Exact process, please.

    >
    > The logic here escapes me. Unruh appears to be claiming that
    > you cannot do something ("cannot create one and then make
    > another which has the same md5"), and matt_left_coast appears
    > to be asserting that Unruh should support that claim by
    > detailing how to do something. You cannot show that something
    > is impossible by showing how to do something. If
    > matt_left_coast wishes to claim that one can find a preimage
    > to a given hash, it's up to him to specify how.
    >
    > A recent paper on md5 attacks is "Improved Collision Attack on MD5"
    > by Yu Sasaki, Yusuke Naito, Noboru Kunihiro, and Kazuo Ohta,
    > available at http://eprint.iacr.org/2005/400.pdf. The procedure
    > is outlined in section 3.4. While the details are not essential
    > to this discussion, the alert reader will note that the attack
    > does *not* produce a preimage for a given hash, but rather produces
    > a pair of messages whose hashes match. Unruh is quite right.
    >


    Are the two files useful for ANYTHING? What are you going to do, put up one
    of the files for download and swap it for the other? Yeah, you can generate
    virtually random files that have the same MD5 value but what is the use? It
    is a meaningless exercise in mental masturbation. Other than to prove it
    can be done, what use is it? Can you come up with a truly useful "attack"
    that could be based on this?

    Quite frankly, people worried about the MD5 thing are nuts, the likelihood
    that 2 legitimate files exist in any place where it could be an issue is so
    ridiculously remote and other issues so much more important that it is
    probably not worth the effort devoted to this discussion.

    --



  4. Re: md5 collision

    matt_left_coast wrote:
    > Jan Pompe wrote:
    >
    >
    >>matt_left_coast wrote:
    >>
    >>>Jan Pompe wrote:
    >>>
    >>>
    >>>
    >>>>matt_left_coast wrote:
    >>>>
    >>>>
    >>>>>Unruh wrote:
    >>>>>
    >>>>>
    >>>>>
    >>>>>
    >>>>>>matt_left_coast writes:
    >>>>>>
    >>>>>>
    >>>>>>
    >>>>>>
    >>>>>>>Unruh wrote:
    >>>>>>
    >>>>>>>>>When dealing with the first case, you create the first of the two
    >>>>>>>>>files, then the file IS known. Then you would be dealing with the
    >>>>>>>>>second case.
    >>>>>>>>
    >>>>>>>>But you have to create them together. You cannot create one and then
    >>>>>>>>make another which has the same md5.
    >>>>>>
    >>>>>>>Exact process, please.
    >>>>>>
    >>>>>>Go read the papers.
    >>>>>
    >>>>>
    >>>>>Well, I'll take that as proof you are just bull ****ting, as I thought.
    >>>>>
    >>>>
    >>>>Is it proof of the same thing when you do it?
    >>>>
    >>>>You seem to do it alot
    >>>
    >>>
    >>>Where?
    >>>

    >>
    >>Do you have a problem with recall?
    >>
    >>here, wish list overcoming NIS

    >
    >
    > Eh? Where in this thread did I say anything like "Go read the papers."? No
    > where.
    >
    >
    >>here there everywhere

    >
    >
    > I see you have made an accusation you can not back up. If you have any thing
    > REAL to back up your personal attacks, please provide examples.
    >

    You have them, go read the threads named.

  5. Re: md5 collision

    In comp.os.linux.security matt_left_coast :
    > Unruh wrote:


    >> matt_left_coast writes:
    >>
    >>>Unruh wrote:

    >>
    >>>>>When dealing with the first case, you create the first of the two files,
    >>>>>then the file IS known. Then you would be dealing with the second case.
    >>>>
    >>>> But you have to create them together. You cannot create one and then
    >>>> make another which has the same md5.

    >>
    >>>Exact process, please.

    >>
    >> Go read the papers.


    > Well, I'll take that as proof you are just bull ****ting, as I thought.


    Please calm down.

    This should give a little more insight:

    http://www.cits.rub.de/MD5Collisions/

    There is heavy math involved, so you can be sure Bill is almost
    always right.

    --
    Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
    mail: echo zvpunry@urvzvat.qr | perl -pe 'y/a-z/n-za-m/'
    #bofh excuse 301: appears to be a Slow/Narrow SCSI-0 Interface
    problem

  6. Re: md5 collision

    matt_left_coast wrote:
    > Quite frankly, people worried about the MD5 thing are nuts, the likelyhood
    > that 2 legitimate files exist in any place where it could be an issue is
    > so ridiculously remote and other issues so much more important that it is
    > probably not worth the effort devoted to this discussion.


    Generally correct. But it costs nothing to use a better hash.
    So we need to tell people to just stop using MD5 and use whatever
    SHA* that your threat model requires.

    --
    Pat



  7. Re: md5 collision

    Pat Farrell wrote:

    > matt_left_coast wrote:
    >> Quite frankly, people worried about the MD5 thing are nuts, the
    >> likelyhood that 2 legitimate files exist in any place where it could be
    >> an issue is so ridiculously remote and other issues so much more
    >> important that it is probably not worth the effort devoted to this
    >> discussion.

    >
    > Generally correct. But it costs nothing to use a better hash.
    > So we need to tell people to just stop using MD5 and use whatever
    > SHA* that your threat model requires.
    >


    Oh? So, a company that makes heavy use of MD5 can cut over with no cost?
    BS.
    --



  8. Re: md5 collision

    Michael Heiming wrote:

    > In comp.os.linux.security matt_left_coast :
    >> Unruh wrote:

    >
    >>> matt_left_coast writes:
    >>>
    >>>>Unruh wrote:
    >>>
    >>>>>>When dealing with the first case, you create the first of the two
    >>>>>>files, then the file IS known. Then you would be dealing with the
    >>>>>>second case.
    >>>>>
    >>>>> But you have to create them together. You cannot create one and then
    >>>>> make another which has the same md5.
    >>>
    >>>>Exact process, please.
    >>>
    >>> Go read the papers.

    >
    >> Well, I'll take that as proof you are just bull ****ting, as I thought.

    >
    > Please calm down.
    >
    > This should give a little more insight:
    >
    > http://www.cits.rub.de/MD5Collisions/
    >
    > There is heavily math involved, so you can be sure Bill is almost
    > always right.
    >


    If you read it carefully, it also does not say it is IMPOSSIBLE to create a
    second file. Given enough time and computer power, it could well be done.
    The point is, does it make any difference to create files in that method?
    Can they be used for ANYTHING? Likewise, is it worth the effort to make a
    second file that has the same checksum value? Also, the fact that you can,
    with a great deal of effort create 2 files that have the same MD5 value,
    there is nothing that shows that every file can have a second file with the
    same checksum. Indeed, I see nothing that shows that ANY pre-existing file
    can have a checksum that can be shared with another file. In short it may
    be that only a very few of all the files in the world can even HAVE a
    second file with the same checksum much less have it be an issue.

    The evidence I have seen does not show that this is a serious issue at all.

    --



  9. Re: md5 collision

    Jan Pompe wrote:

    > matt_left_coast wrote:
    >> Jan Pompe wrote:
    >>
    >>
    >>>matt_left_coast wrote:
    >>>
    >>>>Jan Pompe wrote:
    >>>>
    >>>>
    >>>>
    >>>>>matt_left_coast wrote:
    >>>>>
    >>>>>
    >>>>>>Unruh wrote:
    >>>>>>
    >>>>>>
    >>>>>>
    >>>>>>
    >>>>>>>matt_left_coast writes:
    >>>>>>>
    >>>>>>>
    >>>>>>>
    >>>>>>>
    >>>>>>>>Unruh wrote:
    >>>>>>>
    >>>>>>>>>>When dealing with the first case, you create the first of the two
    >>>>>>>>>>files, then the file IS known. Then you would be dealing with the
    >>>>>>>>>>second case.
    >>>>>>>>>
    >>>>>>>>>But you have to create them together. You cannot create one and
    >>>>>>>>>then make another which has the same md5.
    >>>>>>>
    >>>>>>>>Exact process, please.
    >>>>>>>
    >>>>>>>Go read the papers.
    >>>>>>
    >>>>>>
    >>>>>>Well, I'll take that as proof you are just bull ****ting, as I
    >>>>>>thought.
    >>>>>>
    >>>>>
    >>>>>Is it proof of the same thing when you do it?
    >>>>>
    >>>>>You seem to do it alot
    >>>>
    >>>>
    >>>>Where?
    >>>>
    >>>
    >>>Do you have a problem with recall?
    >>>
    >>>here, wish list overcoming NIS

    >>
    >>
    >> Eh? Where in this thread did I say anything like "Go read the papers."?
    >> No where.
    >>
    >>
    >>>here there everywhere

    >>
    >>
    >> I see you have made an accusation you can not back up. If you have any
    >> thing REAL to back up your personal attacks, please provide examples.
    >>

    > You have them go read the threads named.


    I asked for EXAMPLES but you have not provided anything verifiable, you are
    full of ****. Provide message ID of where I do what you claim.
    --



  10. Re: md5 collision

    Jan Pompe wrote:

    > matt_left_coast wrote:
    >> Jan Pompe wrote:
    >>
    >>
    >>>matt_left_coast wrote:
    >>>
    >>>>Jan Pompe wrote:
    >>>>
    >>>>
    >>>>
    >>>>>matt_left_coast wrote:
    >>>>>
    >>>>>
    >>>>>>Unruh wrote:
    >>>>>>
    >>>>>>
    >>>>>>
    >>>>>>
    >>>>>>>matt_left_coast writes:
    >>>>>>>
    >>>>>>>
    >>>>>>>
    >>>>>>>
    >>>>>>>>Unruh wrote:
    >>>>>>>
    >>>>>>>>>>When dealing with the first case, you create the first of the two
    >>>>>>>>>>files, then the file IS known. Then you would be dealing with the
    >>>>>>>>>>second case.
    >>>>>>>>>
    >>>>>>>>>But you have to create them together. You cannot create one and
    >>>>>>>>>then make another which has the same md5.
    >>>>>>>
    >>>>>>>>Exact process, please.
    >>>>>>>
    >>>>>>>Go read the papers.
    >>>>>>
    >>>>>>
    >>>>>>Well, I'll take that as proof you are just bull ****ting, as I
    >>>>>>thought.
    >>>>>>
    >>>>>
    >>>>>Is it proof of the same thing when you do it?
    >>>>>
    >>>>>You seem to do it alot
    >>>>
    >>>>
    >>>>Where?
    >>>>
    >>>
    >>>Do you have a problem with recall?
    >>>
    >>>here, wish list overcoming NIS

    >>
    >>
    >> Eh? Where in this thread did I say anything like "Go read the papers."?
    >> No where.
    >>
    >>
    >>>here there everywhere

    >>
    >>
    >> I see you have made an accusation you can not back up. If you have any
    >> thing REAL to back up your personal attacks, please provide examples.
    >>

    > You have them go read the threads named.


    Within the thread I refer back to a statement MADE IN THAT THREAD. I refer
    to the ORIGINAL POST OF THE THREAD. I have NEVER said "Go read the papers."
    where there is NO link to the "papers" within the thread. There is a big
    difference between referring back to something said in a conversation and
    referring to something that has not been mentioned and in such a generic
    way as " Go read the papers." Too bad you are too stupid to understand
    that.

    --



  11. Re: md5 collision

    matt_left_coast wrote:
    > Jan Pompe wrote:
    >
    >
    >>matt_left_coast wrote:
    >>
    >>>Jan Pompe wrote:
    >>>
    >>>
    >>>
    >>>>matt_left_coast wrote:
    >>>>
    >>>>
    >>>>>Jan Pompe wrote:
    >>>>>
    >>>>>
    >>>>>
    >>>>>
    >>>>>>matt_left_coast wrote:
    >>>>>>
    >>>>>>
    >>>>>>
    >>>>>>>Unruh wrote:
    >>>>>>>
    >>>>>>>
    >>>>>>>
    >>>>>>>
    >>>>>>>
    >>>>>>>>matt_left_coast writes:
    >>>>>>>>
    >>>>>>>>
    >>>>>>>>
    >>>>>>>>
    >>>>>>>>
    >>>>>>>>>Unruh wrote:
    >>>>>>>>
    >>>>>>>>>>>When dealing with the first case, you create the first of the two
    >>>>>>>>>>>files, then the file IS known. Then you would be dealing with the
    >>>>>>>>>>>second case.
    >>>>>>>>>>
    >>>>>>>>>>But you have to create them together. You cannot create one and
    >>>>>>>>>>then make another which has the same md5.
    >>>>>>>>
    >>>>>>>>>Exact process, please.
    >>>>>>>>
    >>>>>>>>Go read the papers.
    >>>>>>>
    >>>>>>>
    >>>>>>>Well, I'll take that as proof you are just bull ****ting, as I
    >>>>>>>thought.
    >>>>>>>
    >>>>>>
    >>>>>>Is it proof of the same thing when you do it?
    >>>>>>
    >>>>>>You seem to do it alot
    >>>>>
    >>>>>
    >>>>>Where?
    >>>>>
    >>>>
    >>>>Do you have a problem with recall?
    >>>>
    >>>>here, wish list overcoming NIS
    >>>
    >>>
    >>>Eh? Where in this thread did I say anything like "Go read the papers."?
    >>>No where.
    >>>
    >>>
    >>>
    >>>>here there everywhere
    >>>
    >>>
    >>>I see you have made an accusation you can not back up. If you have any
    >>>thing REAL to back up your personal attacks, please provide examples.
    >>>

    >>
    >>You have them go read the threads named.

    >
    >
    > I asked for EXAMPLES but you have not provided anything verifiable, you are
    > full of ****. Provide message ID of where I do what you claim.


    You can verify it by checking your posts in the threads I named.

    Don't be lazy.

  12. Re: md5 collision

    matt_left_coast wrote:
    > Jan Pompe wrote:
    >
    >
    >>matt_left_coast wrote:
    >>
    >>>Jan Pompe wrote:
    >>>
    >>>
    >>>
    >>>>matt_left_coast wrote:
    >>>>
    >>>>
    >>>>>Jan Pompe wrote:
    >>>>>
    >>>>>
    >>>>>
    >>>>>
    >>>>>>matt_left_coast wrote:
    >>>>>>
    >>>>>>
    >>>>>>
    >>>>>>>Unruh wrote:
    >>>>>>>
    >>>>>>>
    >>>>>>>
    >>>>>>>
    >>>>>>>
    >>>>>>>>matt_left_coast writes:
    >>>>>>>>
    >>>>>>>>
    >>>>>>>>
    >>>>>>>>
    >>>>>>>>
    >>>>>>>>>Unruh wrote:
    >>>>>>>>
    >>>>>>>>>>>When dealing with the first case, you create the first of the two
    >>>>>>>>>>>files, then the file IS known. Then you would be dealing with the
    >>>>>>>>>>>second case.
    >>>>>>>>>>
    >>>>>>>>>>But you have to create them together. You cannot create one and
    >>>>>>>>>>then make another which has the same md5.
    >>>>>>>>
    >>>>>>>>>Exact process, please.
    >>>>>>>>
    >>>>>>>>Go read the papers.
    >>>>>>>
    >>>>>>>
    >>>>>>>Well, I'll take that as proof you are just bull ****ting, as I
    >>>>>>>thought.
    >>>>>>>
    >>>>>>
    >>>>>>Is it proof of the same thing when you do it?
    >>>>>>
    >>>>>>You seem to do it alot
    >>>>>
    >>>>>
    >>>>>Where?
    >>>>>
    >>>>
    >>>>Do you have a problem with recall?
    >>>>
    >>>>here, wish list overcoming NIS
    >>>
    >>>
    >>>Eh? Where in this thread did I say anything like "Go read the papers."?
    >>>No where.
    >>>
    >>>
    >>>
    >>>>here there everywhere
    >>>
    >>>
    >>>I see you have made an accusation you can not back up. If you have any
    >>>thing REAL to back up your personal attacks, please provide examples.
    >>>

    >>
    >>You have them go read the threads named.

    >
    >
    > Within the thread I reffer back to a statement MADE IN THAT THREAD. I reffer
    > to the ORIGINAL POST OF THE TREAD. I have NEVER said "Go read the papers."
    > where there is NO link to the "papers" within the thread. There is a big
    > difference between referring back to something said in a conversation and
    > referring to something that has not been mentioned and in such a generic
    > way as " Go read the papers." Too bad you are too stupid to understand
    > that.
    >

    It seems you are just too stupid to realize it amounts to the same type
    of rudeness that you have committed and are complaining about in others.

    In short you are the pot calling the kettle black.

  13. Re: md5 collision

    Jan Pompe wrote:

    > It seems you are just too stupid to realize it amounts to the same type
    > of rudeness that you have committed and are complaining about in others.
    >
    > In short you are the pot calling the kettle black.


    Wow, how profound. I know EXACTLY how rude I am being. When confronted with
    someone as stupid as you I will get rude. The thing is, I can be nice,
    stupidity such as yours is permanent.

    --



  14. Re: md5 collision

    Jan Pompe wrote:

    >> I asked for EXAMPLES but you have not provided anything verifiable, you
    >> are full of ****. Provide message ID of where I do what you claim.

    >
    > You can verify it by checking your posts in the threads I named.
    >
    > Don't be lazy.


    I have. I referred within the context of a conversation, I referred to
    something within that conversation. If you have a problem with THAT, you
    are more of an idiot than I ever imagined. If you can not understand the
    difference between referring to something that was said in a conversation
    vs the statement "Go read the papers." when there was no previous mention
    of "the papers" in the conversation, then you are a bigger idiot than I
    thought.

    --



  15. Re: md5 collision

    In comp.os.linux.security matt_left_coast :
    > Michael Heiming wrote:


    >> In comp.os.linux.security matt_left_coast :
    >>> Unruh wrote:

    >>
    >>>> matt_left_coast writes:
    >>>>
    >>>>>Unruh wrote:
    >>>>
    >>>>>>>When dealing with the first case, you create the first of the two
    >>>>>>>files, then the file IS known. Then you would be dealing with the
    >>>>>>>second case.
    >>>>>>
    >>>>>> But you have to create them together. You cannot create one and then
    >>>>>> make another which has the same md5.
    >>>>
    >>>>>Exact process, please.
    >>>>
    >>>> Go read the papers.

    >>
    >>> Well, I'll take that as proof you are just bull ****ting, as I thought.

    >>
    >> Please calm down.
    >>
    >> This should give a little more insight:
    >>
    >> http://www.cits.rub.de/MD5Collisions/
    >>
    >> There is heavily math involved, so you can be sure Bill is almost
    >> always right.
    >>


    > If you read it carefully, it also does not say it is IMPOSSIBLE to create a
    > second file. Given enough time and computer power, it could well be done.


    You have completely missed the point, in the above example the
    second file does make sense. Dunno why you make such a trouble
    out of the matter.

    [..]

    --
    Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
    mail: echo zvpunry@urvzvat.qr | perl -pe 'y/a-z/n-za-m/'
    #bofh excuse 146: Communications satellite used by the military
    for star wars.

  16. Re: md5 collision

    matt_left_coast wrote:
    > Jan Pompe wrote:
    >
    >
    >>It seems you are just too stupid to realize it amounts to the same type
    >>of rudeness that you have committed and are complaining about in others.
    >>
    >>In short you are the pot calling the kettle black.

    >
    >
    > Wow, how profound. I know EXACTLY how rude I am being. When confronted with
    > someone as stupid as you I will get rude. The thing is, I can be nice,


    I doubt it; your ego is far too inflated for that.



  17. Re: md5 collision

    Michael Heiming wrote:

    > In comp.os.linux.security matt_left_coast :
    >> Michael Heiming wrote:

    >
    >>> In comp.os.linux.security matt_left_coast :
    >>>> Unruh wrote:
    >>>
    >>>>> matt_left_coast writes:
    >>>>>
    >>>>>>Unruh wrote:
    >>>>>
    >>>>>>>>When dealing with the first case, you create the first of the two
    >>>>>>>>files, then the file IS known. Then you would be dealing with the
    >>>>>>>>second case.
    >>>>>>>
    >>>>>>> But you have to create them together. You cannot create one and then
    >>>>>>> make another which has the same md5.
    >>>>>
    >>>>>>Exact process, please.
    >>>>>
    >>>>> Go read the papers.
    >>>
    >>>> Well, I'll take that as proof you are just bull ****ting, as I thought.
    >>>
    >>> Please calm down.
    >>>
    >>> This should give a little more insight:
    >>>
    >>> http://www.cits.rub.de/MD5Collisions/
    >>>
    >>> There is heavily math involved, so you can be sure Bill is almost
    >>> always right.
    >>>

    >
    >> If you read it carefully, it also does not say it is IMPOSSIBLE to create
    >> a second file. Given enough time and computer power, it could well be
    >> done.

    >
    > You have completely missed the point, in the above example the
    > second file does make sense. Dunno why you make such a trouble
    > out of the matter.
    >
    > [..]
    >


    Show me ONE documented example of this EVER ACTUALLY happening. The fact
    that someone can write a fable does not mean it is an issue.

    --



  18. Re: md5 collision

    Jan Pompe wrote:

    > matt_left_coast wrote:
    >> Jan Pompe wrote:
    >>
    >>
    >>>It seems you are just too stupid to realize it amounts to the same type
    >>>of rudeness that you have committed and are complaining about in others.
    >>>
    >>>In short you are the pot calling the kettle black.

    >>
    >>
    >> Wow, how profound. I know EXACTLY how rude I am being. When confronted
    >> with someone as stupid as you I will get rude. The thing is, I can be
    >> nice,

    >
    > I doubt it your ego is far too inflated for that.


    That the best you can do?

    --



  19. Re: md5 collision

    Juha Laiho writes:

    >Ralf Fassel said:
    >>* Unruh
    >>| b)One cannot create collisions. One can generate two files which
    >>| have the same md5 hash. One cannot create a second file with the
    >>| same md5 hash as a given file.

    >...
    >>| One cannot create a second file with the same md5 hash as a given
    >>| file.
    >>
    >>I just did? Or do you (obviously?) mean 'a second file with different
    >>contents than the first one'?


    >Yep. So, it has been found out that it is relatively easy (or at least
    >much easier than it should have been) to create two distinct files with
    >the same MD5 checksum. But only if you create the second file somehow
    >based on the first one.


    Not only that, but you have to change the first file in order to get the
    second file to have the same hash. I.e., given file A it is hard to find a
    file B that has the hash of A. But it is easy to alter A so that a B with
    the same hash as the altered A can be found.


    >If you just have the md5 hash, it is still relatively hard to generate
    >data which would produce the same hash.


  20. Re: md5 collision

    matt_left_coast writes:

    >Peter Pearson wrote:


    >> matt_left_coast wrote:
    >>
    >>> Unruh wrote:
    >>>
    >>>>>When dealing with the first case, you create the first of the two files,
    >>>>>then the file IS known. Then you would be dealing with the second case.
    >>>>
    >>>> But you have to create them together. You cannot create one and then
    >>>> make another which has the same md5.
    >>>
    >>> Exact process, please.

    >>
    >> The logic here escapes me. Unruh appears to be claiming that
    >> you cannot do something ("cannot create one and then make
    >> another which has the same md5"), and matt_left_coast appears
    >> to be asserting that Unruh should support that claim by
    >> detailing how to do something. You cannot show that something
    >> is impossible by showing how to do something. If
    >> matt_left_coast wishes to claim that one can find a preimage
    >> to a given hash, it's up to him to specify how.
    >>
    >> A recent paper on md5 attacks is "Improved Collision Attack on MD5"
    >> by Yu Sasaki, Yusuke Naito, Noboru Kunihiro, and Kazuo Ohta,
    >> available at http://eprint.iacr.org/2005/400.pdf. The procedure
    >> is outlined in section 3.4. While the details are not essential
    >> to this discussion, the alert reader will note that the attack
    >> does *not* produce a preimage for a given hash, but rather produces
    >> a pair of messages whose hashes match. Unruh is quite right.
    >>


    >Are the two files useful for ANYTHING? What are you going to do, put up one
    >of the files for download and swap it for the other? Yeah, you can generate
    >virtually random files that have the same MD5 value but what is the use? It
    >is a meaningless exercise in mental masturbation. Other than to prove it
    >can be done, what use is it? Can you come up with a truly useful "attack"
    >that could be based on this?


    No. The two files can contain some random parts, but that can be hidden in
    many file formats. I.e., it is easy to create two different Word files which
    have some random junk in the file area which is not used by Word to create
    the text such that the two files have the same md5 hash.



    >Quite frankly, people worried about the MD5 thing are nuts, the likelyhood
    >that 2 legitimate files exist in any place where it could be an issue is so
    >ridiculously remote and other issues so much more important that it is
    >probably not worth the effort devoted to this discussion.


    No it is not. It is now easy for a crook to have you give you one document, and
    then produce another with entirely different text but with exactly the same
    MD5 hash which is what he claims he signed.
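
Added example (not part of any post in this thread, and not the differential attack from the papers cited above): a generic birthday search on MD5 truncated to a few bits, showing the distinction the posts argue over, namely that finding a colliding pair when the searcher chooses both messages is far cheaper than matching the hash of one given message. The message prefixes, the function names and the 32-bit truncation are assumptions chosen so the script runs in seconds.

```python
import hashlib
from itertools import count


def tag(msg: bytes, bits: int) -> int:
    """Top `bits` bits of MD5(msg): a deliberately tiny toy hash."""
    digest = int.from_bytes(hashlib.md5(msg).digest(), "big")
    return digest >> (128 - bits)


def find_collision(bits: int):
    """Collision search: the searcher is free to pick BOTH messages.

    Any two messages with the same tag will do, so by the birthday
    bound about 2**(bits/2) hashes are enough.
    Returns (first_msg, second_msg, hashes_computed).
    """
    seen = {}
    for tries in count(1):
        msg = b"draft-%d" % tries          # constructed sample messages
        t = tag(msg, bits)
        if t in seen:
            return seen[t], msg, tries
        seen[t] = msg


def find_second_preimage(given: bytes, bits: int, budget: int):
    """Second-preimage search: one message is fixed in advance.

    Only an exact match with tag(given) counts, so about 2**bits
    hashes are expected. Gives up after `budget` hashes.
    Returns (msg_or_None, hashes_computed).
    """
    target = tag(given, bits)
    for tries in range(1, budget + 1):
        msg = b"forgery-%d" % tries        # constructed sample messages
        if msg != given and tag(msg, bits) == target:
            return msg, tries
    return None, budget


if __name__ == "__main__":
    BITS = 32
    a, b, work = find_collision(BITS)
    print(f"collision after {work} hashes: {a!r} / {b!r}")

    # Spend the same amount of work against one fixed, given message.
    forged, spent = find_second_preimage(b"the given file", BITS, work)
    print(f"second preimage after {spent} hashes: {forged!r}")
```

For the full 128-bit MD5 the generic figures are about 2^64 hashes for a collision and 2^128 for a second preimage; the published attacks lower only the collision cost, which is why a pair of files prepared together is the case to guard against.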




