Date: Wed, 18 Aug 2004 14:21:18 -0400 From: Mike Tancsa <mike@sentex.net> To: "Peter C. Lai" <sirmoo@cowbert.net> Cc: freebsd-security@freebsd.org Subject: Re: Report of collision-generation with MD5 Message-ID: <6.1.2.0.0.20040818141732.04a6e060@64.7.153.2> In-Reply-To: <20040818175804.GI346@cowbert.net> References: <200408181724.i7IHORYl013375@bunrab.catwhisker.org> <20040818175804.GI346@cowbert.net>
next in thread | previous in thread | raw e-mail | index | archive | help
At 01:58 PM 18/08/2004, Peter C. Lai wrote: >Well while collisions are cryptographically significant, they don't >necessarily impact any operational security of the the hash. (Since the >collision merely means that there are possibly two inputs which will hash to >the same digest). As I have no crypto background to evaluate some of the (potentially wild and erroneous) claims being made in the popular press* (eg http://news.com.com/2100-1002_3-5313655.html see quote below), one thing that comes to mind is the safety of ports. If someone can pad an archive to come up with the same MD5 hash, this would challenge the security of the FreeBSD ports system no ? * "MD5's flaws that have been identified in the past few days mean that an attacker can generate one hash collision in a few hours on a standard PC. To write a specific back door and cloak it with the same hash collision may be much more time intensive. " ---Mike
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6.1.2.0.0.20040818141732.04a6e060>