Re: MD5 Collisions...

On Mon, 03 Dec 2007 20:25:38 -0800
Colin Percival <cperciva@xxxxxxxxxxx> wrote:

Norberto Meijome wrote:
should some kind of advisory be sent to advise people not to rely solely on MD5 checksums? Maybe an update to the man page is due ? :

MD5 has not yet (2001-09-03) been broken, but sufficient attacks have
been made that its security is in some doubt. The attacks on MD5 are in
the nature of finding ``collisions'' -- that is, multiple inputs which
hash to the same value; it is still unlikely for an attacker to be able
to determine the exact original input given a hash value.

I fail to see how the man page is incorrect here. What do you think it should
be saying instead?

hi Colin,
yeah..the more I read it I see that it isn't wrong... maybe it's something to do with "not yet (2001....)" ...seems rather dated. (the advisory idea was a bad one, i agree, oopsie :) )

I understand that the final nail in MD5's coffin hasn't been found yet ( ie, we cannot "determine the exact original input given a hash value") , but the fact that certain magic bytes can be found (rather quickly) so that any 2 given binaries end up as collisions seems , from my unlearned POV, more serious or sinister than what the text above implies.

We put some strong kind of protection when vulnerabilities are found, in the form of portaudit and failing to build ports that have issues - some stronger words of warning (I am not sure what, precisely, but maybe pointing to a URL on with up to date info on this ? ) could, possibly, be warranted.

Of course, it is only my point of view :)

thanks for your time,
{Beto|Norberto|Numard} Meijome

It is better to remain silent and be thought a fool, than to speak, and remove all doubt.

I speak for myself, not my employer. Contents may be hot. Slippery when wet. Reading disclaimers makes you go blind. Writing them is worse. You have been Warned.
freebsd-security@xxxxxxxxxxx mailing list
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"