From: Borja Marcos <borjamar@sarenet.es>
Date: Thu, 19 Aug 2004 10:16:37 +0200
To: freebsd-security@freebsd.org
Subject: Re: Report of collision-generation with MD5
In-Reply-To: <41239B0C.1000703@rdslink.ro>
References: <200408181724.i7IHORYl013375@bunrab.catwhisker.org> <20040818175804.GI346@cowbert.net> <41239B0C.1000703@rdslink.ro>
Message-Id: <176CF1F4-F1B8-11D8-9F60-000393C94468@sarenet.es>

On 18 Aug 2004, at 20:08, Claudiu wrote:

> hello,
>
> please explain what do you mean by "reverse the hash". Is this the
> recreation of the original message from its hash?

You cannot reverse a hash. By definition, it is a non-reversible mathematical function. If you get a set of messages and apply a hash to each of them, given a big enough set of messages you will find that some of them have the same hash.

The issue is not the existence of collisions. It is obvious that there will be collisions. The issue is how easy or hard it is to find a collision.

Imagine a very simple hash: a checksum. Given a message, M, it is trivial to generate another message with the same checksum. However, using a "cryptographically secure" hash, there is no easy method to do that, other than brute force.

What researchers have discovered could lead to a shortcut, easier (and cheaper) to perform than a brute force search for collision finding. It does not mean that those digests are "broken", but indeed it means that they are less secure than previously thought.

Borja.
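The contrast Borja draws above, as an added illustration that is not part of the original thread: for a toy additive checksum a second message with the same checksum can be constructed directly, whereas for a cryptographic hash the generic attack is a brute-force birthday search whose cost grows with the digest size (shown here on an MD5 digest truncated to a few bits so it finishes instantly). The checksum, the sample message and the `bits` parameter are assumptions made for this example.

```python
import hashlib

def simple_checksum(msg: bytes) -> int:
    """Toy non-cryptographic hash: sum of all bytes modulo 2**16."""
    return sum(msg) % 65536

def forge_same_checksum(msg: bytes) -> bytes:
    """Construct a different message with the same simple checksum.

    Adds 1 to one byte and subtracts 1 from another, so the byte sum and
    therefore the checksum are unchanged. No search is needed at all.
    """
    b = bytearray(msg)
    for i in range(len(b)):
        for j in range(len(b)):
            if i != j and b[i] < 255 and b[j] > 0:
                b[i] += 1
                b[j] -= 1
                return bytes(b)
    raise ValueError("message has no adjustable byte pair")

def truncated_md5(msg: bytes, bits: int) -> int:
    """Top `bits` bits of MD5(msg); a stand-in for a short digest."""
    return int.from_bytes(hashlib.md5(msg).digest(), "big") >> (128 - bits)

def birthday_collision(bits: int, prefix: bytes = b"msg-"):
    """Brute-force (birthday) search for two messages whose truncated
    MD5 digests agree. Expected work is about 2**(bits/2) hashes, which
    is why this is only feasible for a tiny `bits` value here.
    Returns (msg_a, msg_b, hashes_computed)."""
    seen = {}
    n = 0
    while True:
        m = prefix + str(n).encode()
        h = truncated_md5(m, bits)
        if h in seen:
            return seen[h], m, n + 1
        seen[h] = m
        n += 1

if __name__ == "__main__":
    # Constructed sample message.
    m = b"Transfer 100 EUR to account 42"
    f = forge_same_checksum(m)
    print("same checksum:", simple_checksum(m) == simple_checksum(f),
          "same md5:", hashlib.md5(m).digest() == hashlib.md5(f).digest())
    a, b, tries = birthday_collision(16)
    print(f"16-bit truncated MD5 collision after {tries} hashes")
```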