Re: Report of collision-generation with MD5

• Previous message: Claudiu: "Re: Report of collision-generation with MD5"
• In reply to: Peter C. Lai: "Re: Report of collision-generation with MD5"
• Next in thread: Peter C. Lai: "Re: Report of collision-generation with MD5"
• Reply: Peter C. Lai: "Re: Report of collision-generation with MD5"
• Reply: Matthew Seaman: "Re: Report of collision-generation with MD5"
• Reply: guy_at_device.dyndns.org: "Re: Report of collision-generation with MD5"
• Reply: Jan Grant: "Re: Report of collision-generation with MD5"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 18 Aug 2004 14:21:18 -0400
To: "Peter C. Lai" <sirmoo@cowbert.net>

At 01:58 PM 18/08/2004, Peter C. Lai wrote:
>Well while collisions are cryptographically significant, they don't
>necessarily impact any operational security of the the hash. (Since the
>collision merely means that there are possibly two inputs which will hash to
>the same digest).

As I have no crypto background to evaluate some of the (potentially wild
and erroneous) claims being made in the popular press* (eg
http://news.com.com/2100-1002_3-5313655.html see quote below), one thing
that comes to mind is the safety of ports. If someone can pad an archive
to come up with the same MD5 hash, this would challenge the security of the
FreeBSD ports system no ?

* "MD5's flaws that have been identified in the past few days mean that an
attacker can generate one hash collision in a few hours on a standard PC.
To write a specific back door and cloak it with the same hash collision may
be much more time intensive. "

         ---Mike

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

• Previous message: Claudiu: "Re: Report of collision-generation with MD5"
• In reply to: Peter C. Lai: "Re: Report of collision-generation with MD5"
• Next in thread: Peter C. Lai: "Re: Report of collision-generation with MD5"
• Reply: Peter C. Lai: "Re: Report of collision-generation with MD5"
• Reply: Matthew Seaman: "Re: Report of collision-generation with MD5"
• Reply: guy_at_device.dyndns.org: "Re: Report of collision-generation with MD5"
• Reply: Jan Grant: "Re: Report of collision-generation with MD5"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Two-stage hashing (pre-hash big integer -> hash-array-index) ... > hash value instead of the key to generate the probe sequence. ... avoid all hashes with same home index following same collision chain, ... are the same will follow exactly the same collision chain. ... computes what I call the pre-hash, the large unsigned integer, from the ... (comp.programming) Re: Report of collision-generation with MD5 ... Well while collisions are cryptographically significant, ... necessarily impact any operational security of the the hash. ... to be altered will satisfy the conditions for the collision. ... Yale University School of Medicine ... (FreeBSD-Security) Re: Panama hash collision question ... > No hash is literally collision free. ... We synchronize database systems by forming a checksum for each record ... (sci.crypt) Re: Determining the encryption used ... impression that if a password verification system is checking passwords ... against a hash table, all you needed was a collision (as this would hash ... They involve generating two seperate hashes which have a collision. ... The collision attacks found can break the security of cryptographic ... (Pen-Test) Re: Report of collision-generation with MD5 ... >>Well while collisions are cryptographically significant, ... >>collision merely means that there are possibly two inputs which will hash ... > As I have no crypto background to evaluate some of the (potentially wild ... > to come up with the same MD5 hash, this would challenge the security of the ... (FreeBSD-Security)