Re: Report of collision-generation with MD5

From: Peter C. Lai (sirmoo_at_cowbert.net)
Date: 08/18/04

    Date: Wed, 18 Aug 2004 14:24:32 -0400
    To: Mike Tancsa <mike@sentex.net>
    
    

    On Wed, Aug 18, 2004 at 02:21:18PM -0400, Mike Tancsa wrote:
    > At 01:58 PM 18/08/2004, Peter C. Lai wrote:
    > >Well while collisions are cryptographically significant, they don't
    > >necessarily impact any operational security of the hash. (Since the
    > >collision merely means that there are possibly two inputs which will hash
    > >to the same digest).
    >
    >
    > As I have no crypto background to evaluate some of the (potentially wild
    > and erroneous) claims being made in the popular press* (eg
    > http://news.com.com/2100-1002_3-5313655.html see quote below), one thing
    > that comes to mind is the safety of ports. If someone can pad an archive
    > to come up with the same MD5 hash, this would challenge the security of the
    > FreeBSD ports system, no?

    Yes, that is the potential worry. But if you step back from cryptography for
    a minute and look at information theory, it would only matter if changes
    to an archive are meaningful to the attacker. Since I am not an expert
    in information theory, I can't calculate how likely it is that a significant
    (meaningful content alteration) change to the archive can result in one
    which causes a collision. The necessary changes that have to be made to the
    archive to generate the same hash may prevent it from being untar'd or cause
    the build to break, or something similar. It is probably still more likely that
    an attacker would alter an archive and then attempt to change the reported
    hash in the INDEX to that of the new hash. Then again, everything I'm saying
    is pure speculation.

    >
    > * "MD5's flaws that have been identified in the past few days mean that an
    > attacker can generate one hash collision in a few hours on a standard PC.
    > To write a specific back door and cloak it with the same hash collision may
    > be much more time intensive. "
    >
    > ---Mike
    >

    -- 
    Peter C. Lai
    University of Connecticut
    Dept. of Molecular and Cell Biology
    Yale University School of Medicine
    SenseLab | Research Assistant
    http://cowbert.2y.net/
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
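
An added example, not part of the original message or of the FreeBSD project: the thread distinguishes finding some pair of inputs with the same digest from matching the digest of one particular archive. The sketch below counts the hashes each search needs on MD5 truncated to 20 bits (an assumption, made so both searches finish in seconds); the function names and the sample input are constructed for illustration.

```python
import hashlib
from itertools import count

BITS = 20  # assumption: truncated digest so both searches finish quickly


def short_md5(data: bytes, bits: int = BITS) -> int:
    """Top `bits` bits of the MD5 digest, as an integer."""
    full = int.from_bytes(hashlib.md5(data).digest(), "big")
    return full >> (128 - bits)


def find_collision(bits: int = BITS):
    """Birthday search: any two distinct inputs with the same short digest."""
    seen = {}
    for tries in count(1):
        msg = b"free-choice-%d" % tries
        h = short_md5(msg, bits)
        if h in seen:
            return seen[h], msg, tries
        seen[h] = msg


def find_second_preimage(target: bytes, bits: int = BITS, limit: int = 1 << 24):
    """Targeted search: an input matching the digest of one fixed file."""
    want = short_md5(target, bits)
    for tries in range(1, limit + 1):
        msg = b"tampered-%d" % tries
        if msg != target and short_md5(msg, bits) == want:
            return msg, tries
    return None, limit  # gave up within the limit


if __name__ == "__main__":
    a, b, n_coll = find_collision()
    print(f"collision after {n_coll} hashes: {a!r} vs {b!r}")
    # Constructed stand-in for an archive whose digest is already published.
    published = b"constructed stand-in for foo-1.0.tar.gz"
    forged, n_pre = find_second_preimage(published)
    print(f"match for the published digest after {n_pre} hashes: {forged!r}")
```

With a b-bit digest the first search needs on the order of 2^(b/2) hashes and the second on the order of 2^b, which is the gap the two searches make visible.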
    
