PING -->4Q So you thought md5 is secure did you? Comments please.

D

Dustin Cook

We've known since the middle of the nineties that breaking MD5 was within
reach. The fact there has been so much inertia in getting people to change
is quite incredible really.

At Toorcon this year, Dan Kaminsky showed a way to create two different
webpages that render properly in a browser but have the same MD5 hash.
Anybody who thinks this attack is theortical and ignorable is grossly
mistaken.

There is a known result about MD5 hash function, is this: If MD5(x) == MD5
(y) then MD5(x+q) == MD5(y+q) So, if you have a pair of messages, x and y,
with the same MD5 value, you can append a payload q, and the MD5 value
keeps the same, the size of q is arbitrary.

Source: http://it.slashdot.org/article.pl?sid=05/09/23/0618252

4Q, Comments?

--
Dustin Cook
Author of BugHunter - MalWare Removal Tool - v2.2c
email: (e-mail address removed)
web..: http://bughunter.it-mate.co.uk
Pad..: http://bughunter.it-mate.co.uk/pad.xml
 
W

Walter M. Marion

Dustin said:
We've known since the middle of the nineties that breaking MD5 was within
reach. The fact there has been so much inertia in getting people to change
is quite incredible really.

At Toorcon this year, Dan Kaminsky showed a way to create two different
webpages that render properly in a browser but have the same MD5 hash.
Anybody who thinks this attack is theortical and ignorable is grossly
mistaken.

There is a known result about MD5 hash function, is this: If MD5(x) == MD5
(y) then MD5(x+q) == MD5(y+q) So, if you have a pair of messages, x and y,
with the same MD5 value, you can append a payload q, and the MD5 value
keeps the same, the size of q is arbitrary.

Source: http://it.slashdot.org/article.pl?sid=05/09/23/0618252

4Q, Comments?
Click to expand...

Mr. BugHunter:

Please don't feed the Trolls.

I and others are tired of all the 4Q crap. Don't encourage the lowlife.
 
D

David W. Hodgins

There is a known result about MD5 hash function, is this: If MD5(x) == MD5
(y) then MD5(x+q) == MD5(y+q) So, if you have a pair of messages, x and y,
with the same MD5 value, you can append a payload q, and the MD5 value
keeps the same, the size of q is arbitrary.

Source: http://it.slashdot.org/article.pl?sid=05/09/23/0618252
Click to expand...

Just to be sure any lurkers here are clear, the slashdot ariticle, from last Sept,
references a document at http://www.doxpara.com/md5_someday.pdf

That document states, in third paragraph of the introduction ...
"That being said, this paper is not a â€smoking gun†indictment of MD5."

If you read the formula above, it is stating, that IF you already have
two different articles, that produce the same md5 hash, then you can
append another file to both of them, and the resulting two files will
still have the same hash.

It is not saying, that resulting files will have the same hash, as the
original, just that the two new files hashes will still match each other.

Note that you have to still have to find a file whose hash matches the
first file, before you can append the "payload". That matching file still
has to be in an acceptable format, for whatever application/os, the first
file is intended for.

The document is clear, that while the ability to find multiple documents,
that match md5 should be considered a security risk, it also makes it clear
that currently, there is no need to panic.

I would not advise using md5, in new applications, but I wouldn't panic
about it still being in use, either.

Regards, Dave Hodgins
 
D

Dustin Cook

Just to be sure any lurkers here are clear, the slashdot ariticle,
from last Sept, references a document at
http://www.doxpara.com/md5_someday.pdf

That document states, in third paragraph of the introduction ...
"That being said, this paper is not a â€smoking gun†indictment of
MD5."

If you read the formula above, it is stating, that IF you already have
two different articles, that produce the same md5 hash, then you can
append another file to both of them, and the resulting two files will
still have the same hash.

It is not saying, that resulting files will have the same hash, as the
original, just that the two new files hashes will still match each
other.

Note that you have to still have to find a file whose hash matches the
first file, before you can append the "payload". That matching file
still has to be in an acceptable format, for whatever application/os,
the first file is intended for.

The document is clear, that while the ability to find multiple
documents, that match md5 should be considered a security risk, it
also makes it clear that currently, there is no need to panic.

I would not advise using md5, in new applications, but I wouldn't
panic about it still being in use, either.

Regards, Dave Hodgins
Click to expand...

I agree with your assesment of the url Dave. I didn't mean to panic
anyone by posting it. Only meant to remove some speculation.


--
Dustin Cook
Author of BugHunter - MalWare Removal Tool - v2.2c
email: (e-mail address removed)
web..: http://bughunter.it-mate.co.uk
Pad..: http://bughunter.it-mate.co.uk/pad.xml
 
Top