Re: md5 collisions and speeding tickets
From: Paul Rubin (//phr.cx_at_NOSPAM.invalid)
Date: 11 Aug 2005 22:32:54 -0700
email@example.com (David Wagner) writes:
> On the technical side, I'm not sure I understand what the
> collision-resistance of MD5 (or lack thereof) has to do with the
> integrity of this evidence. If we posit a malicious or misbehaving
> speed camera, surely there are much nastier ways it can frame you than
> by exploiting MD5 collisions?
Yeah, that's the main thing.
> And if the speed camera is not malicious, then I think you only have
> to care about second pre-image resistance, not collision-resistance.
> Am I off my rocker?
Free collisions may be enough. All those pictures have noise in them.
So if you want to make pictures A and B have the same md5 hash, you
can twiddle the noise bits in both of them til you get a free
collision. Whether those bits are ever in the right place for the
Chinese attack is not so obvious.