Re: PING -->4Q So you thought md5 is secure did you? Comments please.



On Thu, 17 May 2007 21:48:48 -0400, Dustin Cook <spamfilterineffect.see.sig@xxxxxxxxxxx> wrote:

> There is a known result about the MD5 hash function; it is this: If MD5(x) == MD5(y)
> then MD5(x+q) == MD5(y+q). So, if you have a pair of messages, x and y,
> with the same MD5 value, you can append a payload q, and the MD5 value
> stays the same; the size of q is arbitrary.
>
> Source: http://it.slashdot.org/article.pl?sid=05/09/23/0618252

Just to be sure any lurkers here are clear, the slashdot article, from last Sept,
references a document at http://www.doxpara.com/md5_someday.pdf

That document states, in the third paragraph of the introduction ...
"That being said, this paper is not a "smoking gun" indictment of MD5."

If you read the formula above, it is stating that IF you already have
two different articles that produce the same md5 hash, then you can
append another file to both of them, and the resulting two files will
still have the same hash.

It is not saying that the resulting files will have the same hash as the
original, just that the two new files' hashes will still match each other.

Note that you still have to find a file whose hash matches the
first file before you can append the "payload". That matching file still
has to be in an acceptable format for whatever application/OS the first
file is intended for.

The document is clear that while the ability to find multiple documents
that match under md5 should be considered a security risk, it also makes clear
that currently there is no need to panic.

I would not advise using md5 in new applications, but I wouldn't panic
about it still being in use, either.

Regards, Dave Hodgins

--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)
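The property quoted in the thread follows from the block-chaining (Merkle-Damgård) structure of MD5: the digest of x+q depends only on the internal chaining value after x and on the bytes of q, so two equal-length inputs that reach the same chaining value stay colliding under any common suffix. The following is an added illustration, not code from the thread or from the doxpara paper. It uses a toy 16-bit hash with the same structure (a per-block compression function plus length padding) so that a collision can be found by brute force in milliseconds; the names `compress`, `toy_hash`, `find_collision` and `demo` are inventions of this example, and the compression function is not MD5's.

```python
"""Toy Merkle-Damgard hash: shows why a collision survives an appended suffix."""
import random

STATE_BITS = 16                 # toy chaining value is 16 bits (MD5 uses 128)
BLOCK = 2                       # bytes per block (MD5 uses 64)
MASK = (1 << STATE_BITS) - 1
IV = 0x1234                     # constructed initial value


def compress(h, block):
    """Toy compression function: mix one block into the chaining value h.
    Not MD5's compression function; only the chaining structure matters here."""
    m = int.from_bytes(block, "big")
    h = ((h ^ m) * 0x9E37 + 0x79B9) & MASK
    h = ((h << 5) | (h >> (STATE_BITS - 5))) & MASK    # rotate left 5
    return h ^ (h >> 3)


def pad(msg):
    """MD-strengthening as in MD5: 0x80, zeros to a block boundary, then the length."""
    padded = msg + b"\x80"
    padded += b"\x00" * (-len(padded) % BLOCK)
    return padded + (len(msg) & MASK).to_bytes(BLOCK, "big")


def chain(msg, h=IV):
    """Run the compression function over whole blocks; returns the chaining value."""
    assert len(msg) % BLOCK == 0
    for i in range(0, len(msg), BLOCK):
        h = compress(h, msg[i:i + BLOCK])
    return h


def toy_hash(msg):
    """Full hash: pad, then chain. Equal chaining value + equal suffix => equal digest."""
    return chain(pad(msg))


def find_collision(length=4, seed=1, limit=100_000):
    """Birthday search for two distinct same-length messages with equal chaining value.
    With a 16-bit state, more than 65536 distinct messages guarantee a collision."""
    rng = random.Random(seed)
    seen = {}
    for _ in range(limit):
        m = bytes(rng.getrandbits(8) for _ in range(length))
        h = chain(m)
        if h in seen and seen[h] != m:
            return seen[h], m
        seen[h] = m
    raise RuntimeError("no collision within limit")


def collision_survives_suffix(x, y, q):
    """The thread's claim: if toy_hash(x) == toy_hash(y) with len(x) == len(y),
    then toy_hash(x + q) == toy_hash(y + q) for any q."""
    return toy_hash(x + q) == toy_hash(y + q)


def demo(q=b"arbitrary appended payload, any length"):
    x, y = find_collision()
    return {
        "x": x,
        "y": y,
        "same_prefix_hash": toy_hash(x) == toy_hash(y),
        "same_suffixed_hash": collision_survives_suffix(x, y, q),
        # The suffixed files do NOT keep the original digest (length padding and
        # the extra blocks change it); only the two suffixed files match each other.
        "suffixed_equals_original": toy_hash(x + q) == toy_hash(x),
    }


if __name__ == "__main__":
    r = demo()
    print("colliding prefixes:", r["x"].hex(), r["y"].hex())
    print("hash(x) == hash(y):", r["same_prefix_hash"])
    print("hash(x+q) == hash(y+q):", r["same_suffixed_hash"])
    print("hash(x+q) == hash(x):", r["suffixed_equals_original"])
```

The search step is the part that is cheap only because the toy state is 16 bits; for MD5 it is the collision-finding work the thread is about, and the example does not change that. Note also the last field of `demo`: appending q changes the digest relative to the un-suffixed original, which is exactly the distinction the post draws, so a verifier comparing against a known-good digest of the original file is not fooled by this property on its own.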