comment on

No. I haven't missed the point.

I'm not sure where you got the quoted word "panic" from, but it wasn't any of my posts.

How certain can I be that the message has not been altered in transit?

If the message you recieved is protected by PKC, then if the PKC is secure, so is the message.
How did you receive the md5?
If it came inside the PK encrypted message, and the encyption is any good, how could the bad guys know it?

Let's just assume for a moment that you received your "trusted md5" via secure means. How would the bad guys know what is was in order to create a message that hashed to that same MD5?

If the MD5 was not transmitted to you by secure means, then it's an aweful lot easier to alter both the message and the md5.

... he can pad a modified (or completely different) version of the message such that it hashes to the original checksum, ...

This is completely wrong! The attack consists of altering bits of bytes of the original message to produce a duplicate message.

The results will be the same length as the original, with a few bits altered.

The attacker does not get to choose which bits of which bytes get altered.
He does not get to choose what they get altered too.
The process is purely matehmatical.

Hence, if the message is plain text, it will show obvious signs of tampering. Wrong letters in words, accented characters that don't fit. It will probably look as though it has suffered from corruption in transit with a few bits having been dropped or switched. Chances are that the intent of the original message would be almost intact.

What the attacker cannot do, is change it to something specific.

The "weakness" in the md5 digital (not cryptographic) signature , certainly does not allow the attacker to "pad a modified (or completely different) version of the message such that it hashes to the original checksum".

If the message is binary, either compressed, encrypted or both, the effect of the bits changed by the mathematical manipulations, will likely render an executable unrunnable; a compressed file undecompressible; and an encrypted file undecryptable. These format being more more sensitive to random bit corruption than plain text.

Nowhere, in any of the publically available material that I have been able to access over the last couple of days does is suggest (or even hint) that it is possible to replace one message with another of entirely different meaning and then coerse it to produce the original md5. And I believe I've read everything available to read.

Your suggestion that this is possible, shows a distinct lack of understanding of the processes involved.

Please read the (rather extended) thread starting at 386470 and if your still convinced that I have missed the point then /msg me and we can continue this offline.

Examine what is said, not who speaks.

"Efficiency is intelligent laziness." -David Dunham
"Think for yourself!" - Abigail
"Memory, processor, disk in that order on the hardware side. Algorithm, algorithm, algorithm on the code side." - tachyon

In reply to Re^3: MD5 - what's the alternative by BrowserUk
in thread MD5 - what's the alternative by kiat

Are you posting in the right place? Check out Where do I post X? to know for sure.
Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
<code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>
Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
Want more info? How to link or How to display code and escape characters are good places to start.


Perl-Sensitive Sunglasses
	PerlMonks