Re: Report of collision-generation with MD5

From: Peter C. Lai (sirmoo_at_cowbert.net)
Date: 08/18/04

    Date: Wed, 18 Aug 2004 13:58:04 -0400
    To: David Wolfskill <david@catwhisker.org>
    
    

    Well while collisions are cryptographically significant, they don't
    necessarily impact any operational security of the hash. (Since the
    collision merely means that there are possibly two inputs which will hash to
    the same digest). Where this could theoretically mean that someone could
    alter a signed message, we have to look at the chance that what was intended
    to be altered will satisfy the conditions for the collision. The only 'real'
    worry about this issue is that if MD5 is already cryptographically challenged
    in this manner, it may be more possible to find a way to reverse the hash.

    You can read the discussion here:
    http://www.rtfm.com/movabletype/archives/2004_08.html#001053
    http://www.rtfm.com/movabletype/archives/2004_03.html#000820

    On Wed, Aug 18, 2004 at 10:24:27AM -0700, David Wolfskill wrote:
    > Just got a pointer to this via ACM "TechNews Alert" for today:
    >
    > http://www.acm.org/technews/articles/2004-6/0818w.html#item2
    >
    > Seems that "... French computer scientist Antoine Joux reported on
    > Aug. 12 his discovery of a flaw in the MD5 algorithm, which is often
    > used with digital signatures...."
    >
    > There's more in the article cited above.
    >
    > Peace,
    > david
    > --
    > David H. Wolfskill david@catwhisker.org
    > Evidence of curmudgeonliness: becoming irritated with the usage of the
    > word "speed" in contexts referring to quantification of network
    > performance, as opposed to "bandwidth" or "latency."
    > _______________________________________________
    > freebsd-security@freebsd.org mailing list
    > http://lists.freebsd.org/mailman/listinfo/freebsd-security
    > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

    -- 
    Peter C. Lai
    University of Connecticut
    Dept. of Molecular and Cell Biology
    Yale University School of Medicine
    SenseLab | Research Assistant
    http://cowbert.2y.net/
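
The distinction drawn in the message above, between finding any two inputs that collide and matching the digest of one fixed, already-signed message, shown as an added example that is not part of the original post. It assumes MD5 truncated to 16 bits so that both generic brute-force searches finish quickly; the helper names, prefixes and sample message are constructed for illustration, and the searches are plain brute force, not the cryptanalytic technique from the report.

```python
import hashlib
from itertools import count

BITS = 16  # assumption: MD5 truncated to 16 bits so both searches finish in seconds


def short_md5(data: bytes, bits: int = BITS) -> int:
    """Top `bits` bits of the MD5 digest, as an integer."""
    full = int.from_bytes(hashlib.md5(data).digest(), "big")
    return full >> (128 - bits)


def candidate(prefix: bytes, i: int) -> bytes:
    """Constructed input: a fixed prefix plus a decimal counter."""
    return prefix + str(i).encode()


def find_collision(bits: int = BITS):
    """Search for ANY two distinct inputs with the same truncated digest."""
    seen = {}
    for i in count():
        msg = candidate(b"free-", i)
        h = short_md5(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1  # both inputs and hashes computed
        seen[h] = msg


def find_second_preimage(target_msg: bytes, bits: int = BITS):
    """Search for a different input matching the digest of ONE fixed message."""
    target = short_md5(target_msg, bits)
    for i in count():
        msg = candidate(b"forged-", i)
        if msg != target_msg and short_md5(msg, bits) == target:
            return msg, i + 1  # matching input and hashes computed


if __name__ == "__main__":
    a, b, n_coll = find_collision()
    signed = b"pay 10 USD to alice"  # constructed sample message
    forged, n_pre = find_second_preimage(signed)
    print(f"collision after {n_coll} hashes: {a!r} / {b!r}")
    print(f"second preimage after {n_pre} hashes: {forged!r}")
    print(f"generic expectation: ~2^{BITS // 2} vs ~2^{BITS} hashes")
```

For an untruncated 128-bit digest the same generic searches cost on the order of 2^64 and 2^128 hash computations respectively.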
    
