Re: MD5 Collisions...

看板FB_security作者josh.時間18年前 (2007/12/05 00:13)推噓0(0推 0噓 0→)

留言0則, 0人參與討論串14/18 (看更多)

--nextPart23016190.Y3cqKExS6D Content-Type: text/plain; charset="koi8-r" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Tuesday 04 December 2007 09:40:58 am Eygene Ryabinkin wrote: > Matt, good day. > > Tue, Dec 04, 2007 at 09:19:58AM -0500, Matt Piechota wrote: > > Norberto Meijome wrote: > >> I understand that the final nail in MD5's coffin hasn't been found > >> > > > yet ( ie, we cannot "determine the exact original input given a > > > hash value") , but the fact that certain magic bytes can be found > > > (rather quickly) so that any 2 given binaries end up as collisions > > > seems , from my unlearned POV, more serious or sinister than what > > > the text above implies. > > > > I think the big mitigating factor is that you can't easily generate a > > message that has the same length as the original as well as the same > > hash. > > No, read Kaminski's paper (http://www.doxpara.com/md5_someday.pdf): > with Wong's and Joux's multicollision attack (or its extensions) > one can generate files with the same sizes and MD5 hashes. > > The usefullness of this with application to the ports collection > is questionable, since you should make two colliding archives and > both of them should be unpackable and the second should do some > evil things. But strictly speaking, there are attacks producing > files with the same size and MD5 hash. > > http://www.cits.rub.de/MD5Collisions/ is also a good reading. It's not really questionable....for all practical purposes it's worthless. = In=20 order to generate meaningful same-length collisions you need control of the= =20 original file. (Your links go to lengths to explain this...) In the case o= f=20 a ports distfile if you have control of the original file you really don't= =20 need to go to great lengths to generate collisions, you can simply toss you= r=20 malicious content in there right from the get go. =2D-=20 Thanks, Josh Paetzel PGP: 8A48 EF36 5E9F 4EDA 5A8C 11B4 26F9 01F1 27AF AECB --nextPart23016190.Y3cqKExS6D Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (FreeBSD) iD8DBQBHVXv7JvkB8SevrssRAiGyAJ9+rYo/HNXIeu0FSm3K/BZFaioiOwCfQ+jW 1hzYL9ulgu3lP/5LkKCNCtk= =hnES -----END PGP SIGNATURE----- --nextPart23016190.Y3cqKExS6D--

‣ 返回看板[ FB_security ] BSD

‣ 更多 josh. 的文章

文章代碼(AID): #17LNoM00 (FB_security)