Re: md5 collision



matt_left_coast <not@xxxxxxxxxx> writes:

>Michael Heiming wrote:

>> In comp.os.linux.security matt_left_coast <not@xxxxxxxxxx>:
>>> Michael Heiming wrote:
>>
>>>> In comp.os.linux.security matt_left_coast <not@xxxxxxxxxx>:
>>>>> Unruh wrote:
>>>>
>>>>>> matt_left_coast <not@xxxxxxxxxx> writes:
>>>>>>
>>>>>>>Unruh wrote:
>>>>>>
>>>>>>>>>When dealing with the first case, you create the first of the two
>>>>>>>>>files, then the file IS known. Then you would be dealing with the
>>>>>>>>>second case.
>>>>>>>>
>>>>>>>> But you have to create them together. You cannot create one and then
>>>>>>>> make another which has the same md5.
>>>>>>
>>>>>>>Exact process, please.
>>>>>>
>>>>>> Go read the papers.
>>>>
>>>>> Well, I'll take that as proof you are just bull shitting, as I thought.
>>>>
>>>> Please calm down.
>>>>
>>>> This should give a little more insight:
>>>>
>>>> http://www.cits.rub.de/MD5Collisions/
>>>>
>>>> There is heavily math involved, so you can be sure Bill is almost
>>>> always right.
>>>>
>>
>>> If you read it carefully, it also does not say it is IMPOSSIBLE to create
>>> a second file. Given enough time and computer power, it could well be
>>> done.
>>
>> You have completely missed the point, in the above example the
>> second file does make sense. Dunno why you make such a trouble
>> out of the matter.
>>
>> [..]
>>

>Show me ONE documented example of this EVER ACTUALLY happening. The fact
>that someone can write a fable does not mean it is an issue.

What kind of position is this to take? It is shown that it is easy to spoof
a letter. Now you want to be shown that it has actually damaged someone.
DO you have the same reaction to crypto? Use a system that is proven to be
weak and easily cracked but demand that anyone who points it out to you
prove that that has led to damages?

Anyway, you may do what you want. The warning is to the rest of the world
who have higher standards than you apparently do in what crypto stuff you
use.


.