Re: MD5 Collisions...

On Tuesday 04 December 2007 09:40:58 am Eygene Ryabinkin wrote:
Matt, good day.

Tue, Dec 04, 2007 at 09:19:58AM -0500, Matt Piechota wrote:
Norberto Meijome wrote:
I understand that the final nail in MD5's coffin hasn't been found

yet ( ie, we cannot "determine the exact original input given a
hash value") , but the fact that certain magic bytes can be found
(rather quickly) so that any 2 given binaries end up as collisions
seems , from my unlearned POV, more serious or sinister than what
the text above implies.

I think the big mitigating factor is that you can't easily generate a
message that has the same length as the original as well as the same
hash.

No, read Kaminski's paper (http://www.doxpara.com/md5_someday.pdf):
with Wong's and Joux's multicollision attack (or its extensions)
one can generate files with the same sizes and MD5 hashes.

The usefullness of this with application to the ports collection
is questionable, since you should make two colliding archives and
both of them should be unpackable and the second should do some
evil things. But strictly speaking, there are attacks producing
files with the same size and MD5 hash.

http://www.cits.rub.de/MD5Collisions/ is also a good reading.

It's not really questionable....for all practical purposes it's worthless. In
order to generate meaningful same-length collisions you need control of the
original file. (Your links go to lengths to explain this...) In the case of
a ports distfile if you have control of the original file you really don't
need to go to great lengths to generate collisions, you can simply toss your
malicious content in there right from the get go.

--
Thanks,

Josh Paetzel

PGP: 8A48 EF36 5E9F 4EDA 5A8C 11B4 26F9 01F1 27AF AECB

Attachment: signature.asc
Description: This is a digitally signed message part.

Relevant Pages

  • Re: Revert MD4
    ... For example a file of 3 Mb may have a collision in a 300 Kb file as in a 2 Tb file!!! ... I mean a MD4 in a not-so-hostile environment where you have some information about the original file. ... there are just under 200,000 3MB files with the same hash ...
    (sci.math)
  • Re: Revert MD4
    ... For example a file of 3 Mb may have a collision in a 300 Kb file as in a 2 Tb file!!! ... I mean a MD4 in a not-so-hostile environment where you have some information about the original file. ... there are just under 200,000 3MB files with the same hash ...
    (sci.math)
  • Re: When will md5crk complete?
    ... and in that case birthday attack ... > His core message is correct however: you shouldn't be using MD5. ... Collisions DO exist for every hash algorithm... ...
    (sci.crypt)
  • Re: Hashing
    ... Computing the hash function, which is handled by the instructions: ... reserved word/identifier when searching through the reserved words ... collisions and four slots that have four collisions. ...
    (alt.lang.asm)
  • Re: Hashing
    ... A good hash ... > greater is it better performance due to less collisions". ... then the probability that you need a rehash on any scan is something ... > 'hash method' simply because they use hash codes, ...
    (alt.lang.asm)