Re: Report of collision-generation with MD5

• Previous message: Fernando Gleiser: "Re: Report of collision-generation with MD5"
• In reply to: Claudiu: "Re: Report of collision-generation with MD5"
• Next in thread: Mike Tancsa: "Re: Report of collision-generation with MD5"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 19 Aug 2004 10:16:37 +0200
To: freebsd-security@freebsd.org

On 18 Aug 2004, at 20:08, Claudiu wrote:

> hello,
>
> please explain what do you mean by "reverse the hash". Is this the
> recreation of the originial message from its hash ?

        You cannot reverse a hash. By definition, it is a non-reversible
mathematical function.
If you get a set of messages and apply a hash to each of them, given a
big enogh set of messages you will find that some of them have the same
hash. The issue is not the existence of collisions. It is obvious that
there will be collisions. The issue is how easy or hard it is to find a
collision.

        Imagine a very simple hash: a checksum. Given a message, M, it is
trivial to generate another message with the same checksum. However,
using a "cryptographically secure" hash, there is no easy method to do
that, other than brute force.

        What researchers have discovered could lead to a shortcut, easier (and
cheaper) to perform that a brute force search for collision finding. It
does not mean that those digests are "broken", but indeed it means that
they are less secure than previously thought.

        Borja.

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

• Previous message: Fernando Gleiser: "Re: Report of collision-generation with MD5"
• In reply to: Claudiu: "Re: Report of collision-generation with MD5"
• Next in thread: Mike Tancsa: "Re: Report of collision-generation with MD5"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: When will md5crk complete? ... and in that case birthday attack ... > His core message is correct however: you shouldn't be using MD5. ... Collisions DO exist for every hash algorithm... ... (sci.crypt) Re: Hashing ... Computing the hash function, which is handled by the instructions: ... reserved word/identifier when searching through the reserved words ... collisions and four slots that have four collisions. ... (alt.lang.asm) Re: Hashing ... A good hash ... > greater is it better performance due to less collisions". ... then the probability that you need a rehash on any scan is something ... > 'hash method' simply because they use hash codes, ... (alt.lang.asm) Re: Collision in SHA-0 ... The entity requesting the certificate can often ... >able to find collisions in the underlying hash function, ... There are collisions and then there are collisions. ... same length as a cert and the same hash. ... (sci.crypt) Re: Collision in SHA-0 ... >> same hash. ... It's not the existence, in a mathematical sense, of collisions that's ... SHA-1, it means either ... if a collision is found by a method faster than brute force, ... (sci.crypt)