Re: md5 collisions and speeding tickets

From: Paul Rubin (//phr.cx_at_NOSPAM.invalid)
Date: 08/12/05


Date: 11 Aug 2005 22:32:54 -0700

daw@taverner.cs.berkeley.edu (David Wagner) writes:
> On the technical side, I'm not sure I understand what the
> collision-resistance of MD5 (or lack thereof) has to do with the
> integrity of this evidence. If we posit a malicious or misbehaving
> speed camera, surely there are much nastier ways it can frame you than
> by exploiting MD5 collisions?

Yeah, that's the main thing.

> And if the speed camera is not malicious, then I think you only have
> to care about second pre-image resistance, not collision-resistance.
> Am I off my rocker?

Free collisions may be enough. All those pictures have noise in them.
So if you want to make pictures A and B have the same md5 hash, you
can twiddle the noise bits in both of them til you get a free
collision. Whether those bits are ever in the right place for the
Chinese attack is not so obvious.