PerlMonks  

Re: On showing the weakness in the MD5 digest function and getting bitten by scalar context

by zentara (Archbishop)
on Aug 27, 2004 at 14:15 UTC


in reply to On showing the weakness in the MD5 digest function and getting bitten by scalar context

I'm no expert about md5 hashes, but from a practical viewpoint, does it really diminish the usefulness of the md5 hash? Say you can somehow spoof the md5 hash of some binary, will that 'spoofed' binary be able to do anything useful, like introduce trojans? I doubt it. Very arbitrary changes must be made to the binary to get it to match the md5sum, and the chances of that change being "useful" are also astronomical.

It still boils down to the fact that the main weakness of md5sums is the security of the database where you store them.


I'm not really a human, but I play one on earth. flash japh

Re^2: On showing the weakness in the MD5 digest function and getting bitten by scalar context
by hardburn (Abbot) on Aug 27, 2004 at 16:47 UTC

    If you're thinking about this from a mathematical point of view, then this is a very big deal. Cryptographic hashes have the properties of being 1) hard to reverse, and 2) hard to find a collision. Since #2 is now violated, any algorithm that assumed #2 is true is now a broken algorithm (as well as any algorithms based on those algorithms, and so on).

    Does it change practical uses of hashes? Maybe. It depends on your application.

    "There is no shame in being self-taught, only in not trying to learn in the first place." -- Atrus, Myst: The Book of D'ni.

Re^2: On showing the weakness in the MD5 digest function and getting bitten by scalar context
by CountZero (Bishop) on Aug 27, 2004 at 21:19 UTC
    will that 'spoofed' binary be able to do anything useful, like introduce trojans?
    All bets are off now. Before, it was considered practically impossible to calculate a collision in MD5-hash-space. Now it is shown that this is not the case and that you can do so in (practically speaking) finite time.

    Nobody knows if the colliding datastreams will have any useful content, but nobody can tell you the opposite either and in matters of security, you assume the worst (but hope for the best).

    CountZero

    "If you have four groups working on a compiler, you'll get a 4-pass compiler." - Conway's Law

Re^2: On showing the weakness in the MD5 digest function and getting bitten by scalar context
by Anonymous Monk on Jan 10, 2009 at 08:37 UTC
    Just thought I would point you to the following: http://www.win.tue.nl/hashclash/SoftIntCodeSign/ Granted they are trivial programs, but it does show the possibility of collisions in binaries. -Dustin
