PING -->4Q So you thought md5 is secure did you? Comments please.

Posted by Dustin Cook on May 17, 2007, 9:48 pm
We've known since the middle of the nineties that breaking MD5 was within
reach. The fact there has been so much inertia in getting people to change
is quite incredible really.

At Toorcon this year, Dan Kaminsky showed a way to create two different
webpages that render properly in a browser but have the same MD5 hash.
Anybody who thinks this attack is theoretical and ignorable is grossly
mistaken.

There is a known result about the MD5 hash function, which is this: If MD5(x) == MD5(y)
then MD5(x+q) == MD5(y+q). So, if you have a pair of messages, x and y,
with the same MD5 value, you can append a payload q, and the MD5 value
stays the same; the size of q is arbitrary.

Source: http://it.slashdot.org/article.pl?sid=05/09/23/0618252

4Q, Comments?

--
Dustin Cook
Author of BugHunter - MalWare Removal Tool - v2.2c
email: bughunter.dustin@gmail.com.removethis
web..: http://bughunter.it-mate.co.uk
Pad..: http://bughunter.it-mate.co.uk/pad.xml


Posted by Walter M. Marion on May 17, 2007, 9:58 pm

Dustin Cook wrote:

> We've known since the middle of the nineties that breaking MD5 was within
> reach. The fact there has been so much inertia in getting people to change
> is quite incredible really.
>
> At Toorcon this year, Dan Kaminsky showed a way to create two different
> webpages that render properly in a browser but have the same MD5 hash.
> Anybody who thinks this attack is theoretical and ignorable is grossly
> mistaken.
>
> There is a known result about the MD5 hash function, which is this: If MD5(x) == MD5(y)
> then MD5(x+q) == MD5(y+q). So, if you have a pair of messages, x and y,
> with the same MD5 value, you can append a payload q, and the MD5 value
> stays the same; the size of q is arbitrary.
>
> Source: http://it.slashdot.org/article.pl?sid=05/09/23/0618252
>
> 4Q, Comments?

Mr. BugHunter:

Please don't feed the Trolls.

I and others are tired of all the 4Q crap. Don't encourage the lowlife.




Posted by David W. Hodgins on May 18, 2007, 5:19 pm
On Thu, 17 May 2007 21:48:48 -0400, Dustin Cook

> There is a known result about the MD5 hash function, which is this: If MD5(x) == MD5(y)
> then MD5(x+q) == MD5(y+q). So, if you have a pair of messages, x and y,
> with the same MD5 value, you can append a payload q, and the MD5 value
> stays the same; the size of q is arbitrary.
>
> Source: http://it.slashdot.org/article.pl?sid=05/09/23/0618252

Just to be sure any lurkers here are clear, the slashdot article, from last
Sept, references a document at http://www.doxpara.com/md5_someday.pdf

That document states, in third paragraph of the introduction ...
"That being said, this paper is not a “smoking gun” indictment of MD5."

If you read the formula above, it is stating, that IF you already have
two different articles, that produce the same md5 hash, then you can
append another file to both of them, and the resulting two files will
still have the same hash.

It is not saying, that resulting files will have the same hash, as the
original, just that the two new files' hashes will still match each other.

Note that you still have to find a file whose hash matches the
first file, before you can append the "payload". That matching file still
has to be in an acceptable format, for whatever application/os, the first
file is intended for.

The document is clear, that while the ability to find multiple documents,
that match md5 should be considered a security risk, it also makes it clear
that currently, there is no need to panic.

I would not advise using md5, in new applications, but I wouldn't panic
about it still being in use, either.

Regards, Dave Hodgins

--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)
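
The property explained in the post above, shown as an added example (not part of the original thread): a toy Merkle-Damgård hash that uses truncated MD5 as its compression function, so a colliding pair can be found in a moment. The 32-bit state, the constructed messages and every function name are assumptions made for illustration; x and y are the same length and block-aligned, as published MD5 collision pairs are.

```python
import hashlib
import struct

BLOCK = 64        # MD5 block size in bytes
STATE_BYTES = 4   # toy 32-bit chaining value (assumption) so a collision is cheap

def compress(state: bytes, block: bytes) -> bytes:
    """Toy compression function: MD5 of state||block, truncated to STATE_BYTES."""
    return hashlib.md5(state + block).digest()[:STATE_BYTES]

def toy_hash(msg: bytes) -> bytes:
    """Merkle-Damgard iteration with MD5-style padding (0x80, zeros, bit length)."""
    padded = msg + b"\x80"
    padded += b"\x00" * (-(len(padded) + 8) % BLOCK)
    padded += struct.pack("<Q", len(msg) * 8)
    state = b"\x00" * STATE_BYTES
    for i in range(0, len(padded), BLOCK):
        state = compress(state, padded[i:i + BLOCK])
    return state

def find_collision():
    """Birthday search for two distinct one-block messages with equal state."""
    iv, seen, i = b"\x00" * STATE_BYTES, {}, 0
    while True:
        block = (b"constructed-doc-%d" % i).ljust(BLOCK, b".")
        state = compress(iv, block)
        if state in seen:
            return seen[state], block
        seen[state] = block
        i += 1

def demo(q: bytes = b" -- common suffix q, any length -- " * 5):
    x, y = find_collision()
    return {
        "distinct": x != y,
        "collide": toy_hash(x) == toy_hash(y),
        # After the colliding block both inputs share one internal state, so
        # identical trailing bytes (q plus padding) keep the digests equal.
        "extended_collide": toy_hash(x + q) == toy_hash(y + q),
        # The extended pair match each other, not the original digest.
        "same_as_original": toy_hash(x + q) == toy_hash(x),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The hard part remains the first step: the search is only quick here because the toy state is 32 bits wide.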

Posted by Dustin Cook on May 18, 2007, 9:15 pm

> On Thu, 17 May 2007 21:48:48 -0400, Dustin Cook
>
>> There is a known result about the MD5 hash function, which is this: If MD5(x)
>> == MD5(y) then MD5(x+q) == MD5(y+q). So, if you have a pair of
>> messages, x and y, with the same MD5 value, you can append a payload
>> q, and the MD5 value stays the same; the size of q is arbitrary.
>>
>> Source: http://it.slashdot.org/article.pl?sid=05/09/23/0618252
>
> Just to be sure any lurkers here are clear, the slashdot article,
> from last Sept, references a document at
> http://www.doxpara.com/md5_someday.pdf
>
> That document states, in third paragraph of the introduction ...
> "That being said, this paper is not a “smoking gun” indictment of
> MD5."
>
> If you read the formula above, it is stating, that IF you already have
> two different articles, that produce the same md5 hash, then you can
> append another file to both of them, and the resulting two files will
> still have the same hash.
>
> It is not saying, that resulting files will have the same hash, as the
> original, just that the two new files' hashes will still match each
> other.
>
> Note that you still have to find a file whose hash matches the
> first file, before you can append the "payload". That matching file
> still has to be in an acceptable format, for whatever application/os,
> the first file is intended for.
>
> The document is clear, that while the ability to find multiple
> documents, that match md5 should be considered a security risk, it
> also makes it clear that currently, there is no need to panic.
>
> I would not advise using md5, in new applications, but I wouldn't
> panic about it still being in use, either.
>
> Regards, Dave Hodgins
>

I agree with your assessment of the url Dave. I didn't mean to panic
anyone by posting it. Only meant to remove some speculation.


--
Dustin Cook
Author of BugHunter - MalWare Removal Tool - v2.2c
email: bughunter.dustin@gmail.com.removethis
web..: http://bughunter.it-mate.co.uk
Pad..: http://bughunter.it-mate.co.uk/pad.xml

