Re: Report of collision-generation with MD5

From: Fernando Gleiser (fgleiser_at_cactus.fi.uba.ar)
Date: 08/19/04

    Date: Wed, 18 Aug 2004 21:23:07 -0300 (ART)
    To: Chris Doherty <chris-freebsd@randomcamel.net>
    
    

    On Wed, 18 Aug 2004, Chris Doherty wrote:

    >
    > well, technically you're not "reversing the hash": you can't re-create a
    > message from its hash, because the information is simply gone--digesting
    > algorithms are massively lossy by definition. that is, you can't take a
    > 128-bit MD5 hash and recover the original 2-megabyte message, which makes
    > sense.
    >
    > what you can do, if you have a proper attack formula, is find *a* message
    > that produces *that one hash*. that is, if I have message M which produces
    > hash H, I can use the attack to find *a* message M' which will also
    > produce hash H.

    There are (potentially) infinite inputs and just 2^128 outputs, so you
    can always (given enough time and/or horsepower) create a collision.

    The problem is you need to create a message M' such that it is similar
    enough to the original one so the recipient is fooled into thinking he
    got the original one. I think the odds of backdooring a source code file
    and modifying it so it hashes to the same value are very small.

                            Fer
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
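
Added example, not part of the original thread: the two search problems discussed above, run against MD5 truncated to 16 bits so both finish in about a second. The truncation width, the message prefixes and the function names are assumptions made for this illustration; for an n-bit digest a free-choice collision costs about 2^(n/2) tries while matching one fixed message costs about 2^n.

```python
import hashlib
from itertools import count

BITS = 16  # truncation width (assumption: small enough for a quick demo)

def tiny_md5(msg: bytes, bits: int = BITS) -> int:
    """Top `bits` bits of MD5(msg): a deliberately weakened stand-in digest."""
    return int.from_bytes(hashlib.md5(msg).digest(), "big") >> (128 - bits)

def candidates(prefix: bytes):
    """Endless stream of distinct constructed messages: prefix + counter."""
    for i in count():
        yield prefix + str(i).encode()

def find_collision(bits: int = BITS):
    """Both messages are free: any two inputs with equal digests will do."""
    seen = {}
    for tries, msg in enumerate(candidates(b"free-choice-"), 1):
        h = tiny_md5(msg, bits)
        if h in seen:                 # pigeonhole: guaranteed by 2**bits + 1 tries
            return seen[h], msg, tries
        seen[h] = msg

def find_second_preimage(target: bytes, bits: int = BITS):
    """One message is fixed by someone else: its digest must be hit exactly."""
    want = tiny_md5(target, bits)
    for tries, msg in enumerate(candidates(b"forged-"), 1):
        if msg != target and tiny_md5(msg, bits) == want:
            return msg, tries

if __name__ == "__main__":
    a, b, n = find_collision()
    print(f"collision after {n} tries: {a!r} / {b!r}")
    original = b"original source file contents"   # constructed sample message
    forged, m = find_second_preimage(original)
    print(f"second preimage after {m} tries: {forged!r}")
    print(f"expected work: ~2^{BITS // 2} vs ~2^{BITS}")
```

Neither result resembles a meaningful document; the matching inputs are whatever the counter happened to reach, which is the constraint the message above raises about fooling a recipient.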

