Re: MD5CRK is now LIVE
From: Jean-Luc Cooke (jlcooke_at_engsoc.org)
Date: 03/08/04
- Next message: Jean-Luc Cooke: "Re: Variation on CTR mode"
- Previous message: John Hadstate: "Re: A secure, trustworthy Win XP compitable encryption program with GUI interface?"
- In reply to: Francois Grieu: "Re: MD5CRK is now LIVE"
- Next in thread: Michael Amling: "Re: MD5CRK is now LIVE"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 8 Mar 2004 21:42:23 GMT
Francois Grieu <fgrieu@micronet.fr> wrote:
> Yes. Your latest post acted like an eye-opener to me.
> I mean it. My reasoning on why SSL certificates would be
> out of reach of MD5CRK, or similar, was incorrect.
> As you show, SSL certificates are vulnerable to certain
> form of message collision attacks. I now have to dive into
> the details of the format of SSL certs to try determine
> if they are vulnerable, or not, to Paul van Oorschot and
> Michael Wiener's attack, or simple extensions thereof.
> Until that's done, and maybe after, I'm no longer sure
> SSL certificates based on MD5 are safe.
> BTW, unless I am badly mistaken in the other direction,
> Paul van Oorschot and Michael Wiener's attack can be
> extended, with only a doubling of the effort, to find
> MD5-colliding messages with entirely chosen and
> different beginning, provided
> - the messages are of the same length
> - one is willing to tolerate about 128 bits of
> randomness in the last 512 bits block where the
> (padded) messages differ.
I would agree, since the 128bit state would be the same into the last
md5-compress function. Back in the day when I tried to "latch on" to
the NEO project, I proposed a contract from Homer Simpson to Bart
Simpson where Homer promised Bart $1, but Bart being a deceptively
clever cryptographer would re-write the contract to some random 128 bit
value (odds are, a very large number).
Two things changed - 1) I saw that NEO wasn't going to be the provider I
wanted 2) explaining the contract and the collision attack and how it's
very different from RC5 attacks was too much for the average user to
take in when looking for a DC project.
> Again, my apologies; and thanks for showing me the
> light.
Glad I could help, you too helped me by forcing me to distill my
explanation. Thank you.
JLC
--
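The attack sketched in the quoted paragraph and in Jean-Luc's reply, as an added example that is not part of the original thread: two different, fully chosen prefixes of equal length, each followed by one random-looking block, such that the hash of both messages is the same. Because MD5 is an iterated hash, once the two prefixes have been absorbed the problem reduces to finding a collision between the two functions f_A(x) = MD5(A || x) and f_B(x) = MD5(B || x), which a van Oorschot-Wiener style random walk finds by picking f_A or f_B from one bit of the current point; only collisions whose two inputs went through different functions are useful, which is the "doubling of the effort". Real MD5 would cost about 2^64 compressions; the code below truncates the digest to a configurable number of bits (32 by default) so the same algorithm finishes in seconds. The Homer/Bart prefix strings, the truncation, the distinguished-point parameters and the function names are all my own constructions for this illustration.

```python
# Added example, not part of the original thread.  Toy version of the
# two-prefix collision search discussed above, run on a truncated MD5
# digest so it finishes in seconds.  The prefix strings are constructed.
import hashlib
import random


def truncated_md5(msg: bytes, bits: int) -> int:
    """Leading `bits` bits of MD5(msg) as an int (toy stand-in for the 128-bit digest)."""
    return int.from_bytes(hashlib.md5(msg).digest()[:8], "big") >> (64 - bits)


def find_chosen_prefix_collision(prefix_a: bytes, prefix_b: bytes,
                                 bits: int = 32, dp_bits: int = 6, seed: int = 1):
    """Return (msg_a, msg_b, evaluations) with msg_a = prefix_a || S_a,
    msg_b = prefix_b || S_b and truncated_md5(msg_a) == truncated_md5(msg_b).

    Sequential van Oorschot-Wiener search with distinguished points.  The walk
    alternates between f_A(x) = H(prefix_a || x) and f_B(x) = H(prefix_b || x),
    chosen by the low bit of the current point.  Only a collision whose two
    inputs went through *different* functions is useful, so the search costs
    about twice a plain single-function collision search.
    """
    if len(prefix_a) != len(prefix_b):
        raise ValueError("the attack needs prefixes of equal length")
    if prefix_a == prefix_b:
        raise ValueError("prefixes must differ")
    if not 1 <= dp_bits < bits <= 64:
        raise ValueError("need 1 <= dp_bits < bits <= 64")

    rng = random.Random(seed)          # seeded so the run is reproducible
    evaluations = 0

    def suffix(x: int) -> bytes:
        # The real attack leaves ~128 random bits in the last block; 64 bits
        # is plenty for a search space of only 2**bits.
        return x.to_bytes(8, "big")

    def step(x: int) -> int:
        nonlocal evaluations
        evaluations += 1
        prefix = prefix_a if x & 1 == 0 else prefix_b   # selector bit picks f_A or f_B
        return truncated_md5(prefix + suffix(x), bits)

    def distinguished(x: int) -> bool:
        return x >> (bits - dp_bits) == 0   # top dp_bits zero: about 1 point in 2**dp_bits

    max_len = 20 << dp_bits              # abandon a walk that never hits a distinguished point
    trails = {}                          # distinguished point -> (start, length)

    while True:
        start = rng.getrandbits(bits)
        x, length = start, 0
        while not distinguished(x) and length <= max_len:
            x, length = step(x), length + 1
        if not distinguished(x):
            continue                                   # stuck in a cycle; throw the trail away
        if x not in trails:
            trails[x] = (start, length)
            continue
        start2, length2 = trails[x]
        if start2 == start:
            continue

        # Two trails ended at the same distinguished point: re-walk both from
        # equal distance in lockstep to find the first point where they merge.
        a, la, b, lb = start, length, start2, length2
        while la > lb:
            a, la = step(a), la - 1
        while lb > la:
            b, lb = step(b), lb - 1
        if a == b:
            continue                                   # one start lies on the other trail
        while True:
            fa, fb = step(a), step(b)
            if fa == fb:
                break
            a, b = fa, fb
        # Now a != b and f(a) == f(b).  Useful only if they used different prefixes.
        if (a & 1) == (b & 1):
            continue                                   # same-prefix collision: the wasted half
        x_a, x_b = (a, b) if a & 1 == 0 else (b, a)
        return prefix_a + suffix(x_a), prefix_b + suffix(x_b), evaluations


if __name__ == "__main__":
    A = b"Homer Simpson owes Bart $1"      # constructed; same length as B
    B = b"Homer Simpson owes Bart $9"
    m_a, m_b, n = find_chosen_prefix_collision(A, B, bits=32)
    print(f"{n} compressions; truncated digests "
          f"{truncated_md5(m_a, 32):08x} == {truncated_md5(m_b, 32):08x}")
    print(m_a, m_b, sep="\n")
```

Raising `bits` shows the cost growing as roughly 2^(bits/2): every extra two bits of digest doubles the number of compressions, which is the whole reason the 128-bit case sits at about 2^64 and needs a distributed effort such as MD5CRK rather than a single machine.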