New Practical Attacks on Digital Signatures Using MD5 Message Digest
From: Vlastimil Klima (v.klima_at_volny.cz)
Date: 12/09/04
- Next message: Phil Carmody: "Re: Fast DES IP implementation"
- Previous message: Phil Carmody: "Re: Fast DES IP implementation"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 9 Dec 2004 10:27:13 +0100
There is another example about MD5 obscurity by Ondrej Mikle, sent to
eprint.iacr.org on 2nd December.
Abstract
We use the knowledge of the single MD5 collision published by Wang et al.
[1] to show an example of a pair of binary self-extract packages with equal
MD5 checksums, whereas resulting extracted contracts have fundamentally
different meaning. Secondly, we demonstrate how an attacker could create
custom pair of such packages containing files arbitrarily chosen by the
attacker with equal MD5 sums where each of the package extracts different
file. Once the algorithm for finding MD5 collisions is published, attack
could be made even more effective as we explain further. Authors of [1]
claim to know such algorithm for any MD5 initialization vector. A real-world
scenario of such attack is outlined. Finally, we point out the consequences
resulting from such attack for signature schemes based on MD5 message digest
on an example using GPG.
The paper is available at the following link:
http://cryptography.hyperlink.cz/2004/collisions.htm
Vlastimil Klima
[1] X. Wang, D. Feng, X. Lai, H. Yu, "Collisions for Hash Functions MD4,
MD5, HAVAL-128 and RIPEMD", rump session, CRYPTO 2004, Cryptology ePrint
Archive, Report 2004/199, http://eprint.iacr.org/2004/199
- Next message: Phil Carmody: "Re: Fast DES IP implementation"
- Previous message: Phil Carmody: "Re: Fast DES IP implementation"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
