Re: MD5 Collisions...

Norberto Meijome wrote:
I understand that the final nail in MD5's coffin hasn't been found
> yet ( ie, we cannot "determine the exact original input given a
> hash value") , but the fact that certain magic bytes can be found
> (rather quickly) so that any 2 given binaries end up as collisions
> seems , from my unlearned POV, more serious or sinister than what
> the text above implies.

I think the big mitigating factor is that you can't easily generate a message that has the same length as the original as well as the same hash. I believe when this came up awhile back, the ports collection (for example) was deemed safe since the scripts checked the file length and MD5 hash, but even so they've started using both MD5 and SHA256 hashes since the odds of a collision using both on the same message are essentially nil.
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"

Relevant Pages

  • Re: [PHP] Converting C# Hashing Routines to PHP
    ... thanks for the heads up on how that translates in PHP. ... The login algorithm hashes the ... I'm afraid this is one way hash, ... one for the md5 hash and one for the new hash. ...
    (php.general)
  • Re: [PHP] Converting C# Hashing Routines to PHP
    ... The login algorithm hashes the ... I'm afraid this is one way hash, ... one for the md5 hash and one for the new hash. ...
    (php.general)
  • Re: md5 collisions and speeding tickets
    ... knowing next-to-nothing about hash funcitons or PostScript would then ... forge, according to the "experts" in sci.crypt. ... The MD5 hash for the above challenge is: ... My bet is on scenario 3, followed by scenario 1, followed by scenario ...
    (sci.crypt)
  • Re: MD5 hashes always unique?
    ... If an MD5 hash could uniquely identify a stream of bytes, then it would be an effective mechanism for compressing that stream of bytes. ... Even a 32-bit hash has, however, a very tiny chance of being the same as that for a different stream of bytes, and longer hashes are even more reliable. ...
    (microsoft.public.dotnet.languages.csharp)
  • MD5 Crypto and hashing
    ... I'm trying to convert some code from VB6 API calls to VB.NET. ... computes an MD5 hash that is used elsewhere. ... do to get a 'Session Key' from the MD5 hash that I create? ...
    (microsoft.public.dotnet.languages.vb)