Re: md5 collision

Michael Heiming wrote:

> In comp.os.linux.security matt_left_coast <not@xxxxxxxxxx>:
>> Unruh wrote:
>
>>> matt_left_coast <not@xxxxxxxxxx> writes:
>>>
>>>>Unruh wrote:
>>>
>>>>>>When dealing with the first case, you create the first of the two
>>>>>>files, then the file IS known. Then you would be dealing with the
>>>>>>second case.
>>>>>
>>>>> But you have to create them together. You cannot create one and then
>>>>> make another which has the same md5.
>>>
>>>>Exact process, please.
>>>
>>> Go read the papers.
>
>> Well, I'll take that as proof you are just bull shitting, as I thought.
>
> Please calm down.
>
> This should give a little more insight:
>
> http://www.cits.rub.de/MD5Collisions/
>
> There is heavily math involved, so you can be sure Bill is almost
> always right.
>

If you read it carefully, it also does not say it is IMPOSSIBLE to create a
second file. Given enough time and computer power, it could well be done.
The point is, does it make any difference to create a files in that method?
Can they be used for ANYTHING? Like wise, is it worth the effort to make a
second file that has the same checksum value. Also, the fact that you can,
with a great deal of effort create 2 files that have the same MD5 value,
there is nothing that shows that every file can have a second file with the
same checksum. Indeed, I see nothing that shows that ANY pre-existing file
can have a checksum that can be shared with another file. In short it may
be that only a very few of all the files in the world can even HAVE a
second file with the same checksum much less have it be an issue.

The evidence I have seen does not show that this is a serious issue at all.

--


.

Quantcast