Date:      Wed, 18 Aug 2004 14:24:32 -0400
From:      "Peter C. Lai" <sirmoo@cowbert.net>
To:        Mike Tancsa <mike@sentex.net>
Cc:        freebsd-security@freebsd.org
Subject:   Re: Report of collision-generation with MD5
Message-ID:  <20040818182432.GJ346@cowbert.net>
In-Reply-To: <6.1.2.0.0.20040818141732.04a6e060@64.7.153.2>
References:  <200408181724.i7IHORYl013375@bunrab.catwhisker.org> <20040818175804.GI346@cowbert.net> <6.1.2.0.0.20040818141732.04a6e060@64.7.153.2>

On Wed, Aug 18, 2004 at 02:21:18PM -0400, Mike Tancsa wrote:
> At 01:58 PM 18/08/2004, Peter C. Lai wrote:
> >Well while collisions are cryptographically significant, they don't
> >necessarily impact any operational security of the hash. (Since the
> >collision merely means that there are possibly two inputs which will hash
> >to the same digest).
> 
> 
> As I have no crypto background to evaluate some of the (potentially wild 
> and erroneous) claims being made in the popular press* (eg 
> http://news.com.com/2100-1002_3-5313655.html see quote below), one thing 
> that comes to mind is the safety of ports.  If someone can pad an archive 
> to come up with the same MD5 hash, this would challenge the security of the 
> FreeBSD ports system no ?

Yes that is the potential worry. But if you step back from cryptography for
a minute and look at information theory, it would only matter if changes
to an archive are meaningful to the attacker. Since I am not an expert
in information theory, I can't calculate how likely it is that a significant
(meaningful content alteration) change to the archive can result in one
which causes a collision. The necessary changes that have to be made to the
archive to generate the same hash may prevent it from being untar'd or cause
the build to break, or something similar. It is probably still more likely that
an attacker would alter an archive and then attempt to change the reported
hash in the INDEX to that of the new hash. Then again, everything I'm saying
is pure speculation.

> 
> * "MD5's flaws that have been identified in the past few days mean that an 
> attacker can generate one hash collision in a few hours on a standard PC. 
> To write a specific back door and cloak it with the same hash collision may 
> be much more time intensive. "
> 
>         ---Mike
> 

-- 
Peter C. Lai
University of Connecticut
Dept. of Molecular and Cell Biology
Yale University School of Medicine
SenseLab | Research Assistant
http://cowbert.2y.net/
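The reply weighs two routes an attacker might take against a ports hash check: padding an archive into a colliding one, or rewriting the published hash to match a modified archive. As an added example that is not part of this thread, the verifier below takes the defender's side: it parses a distinfo-style record (`ALGO (file) = value`, the format the FreeBSD ports tree uses for its per-port hash files) and accepts a distfile only when the recorded size and every recorded digest match and at least one collision-resistant digest is present. The distfile, the record, and the tampered variants are all constructed inline; the file name and contents are invented for the example.

```python
import hashlib
import re

# Digests this verifier treats as collision-resistant; anything else recorded
# (MD5, SHA1) is still checked but is not sufficient on its own.
STRONG = {"SHA256"}
LINE_RE = re.compile(r"^(\w+) \((\S+)\) = (\S+)$")

def parse_distinfo(text):
    """Map each filename to its {ALGO: value} entries from distinfo-style lines."""
    entries = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            algo, name, value = m.groups()
            entries.setdefault(name, {})[algo.upper()] = value
    return entries

def verify_distfile(name, data, distinfo_text):
    """Return (ok, reasons). ok is True only if every recorded check matches
    and the record contains at least one collision-resistant digest."""
    rec = parse_distinfo(distinfo_text).get(name)
    if rec is None:
        return False, ["no distinfo entry"]
    reasons = []
    for algo, want in rec.items():
        if algo == "SIZE":                      # size defeats naive padding
            if int(want) != len(data):
                reasons.append("size mismatch")
            continue
        try:
            got = hashlib.new(algo.lower(), data).hexdigest()
        except ValueError:
            reasons.append(f"unknown digest {algo}")
            continue
        if got != want:
            reasons.append(f"{algo} mismatch")
    if not STRONG & set(rec):
        reasons.append("only weak digests recorded")
    return not reasons, reasons

# Constructed sample distfile and its honest record (MD5, SHA256, SIZE).
NAME = "fake-port-1.0.tar.gz"
DISTFILE = b"constructed tarball contents for fake-port-1.0\n"
DISTINFO = "\n".join([
    f"MD5 ({NAME}) = {hashlib.md5(DISTFILE).hexdigest()}",
    f"SHA256 ({NAME}) = {hashlib.sha256(DISTFILE).hexdigest()}",
    f"SIZE ({NAME}) = {len(DISTFILE)}",
]) + "\n"
# Scenarios from the thread: a same-length modified archive, a record whose
# MD5 line was rewritten to match it, and a record carrying only MD5.
TAMPERED = DISTFILE[:-2] + b"!\n"
FORGED_DISTINFO = DISTINFO.replace(hashlib.md5(DISTFILE).hexdigest(),
                                   hashlib.md5(TAMPERED).hexdigest())
MD5_ONLY_DISTINFO = DISTINFO.splitlines()[0] + "\n"
```

Rewriting the MD5 line alone is caught by the untouched SHA256 entry, which is why the hash record itself needs its own integrity protection (signing or a trusted channel) rather than relying on a single digest.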