Date: Wed, 18 Aug 2004 21:23:07 -0300 (ART) From: Fernando Gleiser <fgleiser@cactus.fi.uba.ar> To: Chris Doherty <chris-freebsd@randomcamel.net> Cc: freebsd-security@freebsd.org Subject: Re: Report of collision-generation with MD5 Message-ID: <20040818211706.D25438@cactus.fi.uba.ar> In-Reply-To: <20040818205440.GL9800@zot.electricrain.com> References: <200408181724.i7IHORYl013375@bunrab.catwhisker.org> <20040818175804.GI346@cowbert.net> <41239B0C.1000703@rdslink.ro> <20040818205440.GL9800@zot.electricrain.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 18 Aug 2004, Chris Doherty wrote: > > well, technically you're not "reversing the hash": you can't re-create a > message from its hash, because the information is simply gone--digesting > algorithms are massively lossy by definition. that is, you can't take a > 128-bit MD5 hash and recover the original 2-megabyte message, which makes > sense. > > what you can do, if you have a proper attack formula, is find *a* message > that produces *that one hash*. that is, if I have message M which produces > hash H, I can use the attack to find *a* message M' which will also > produce hash H. There are (potentially) infinite inputs and just 2^128 outputs, so you can always (given enough time and/or horsepower) greate a colision. The problem is you need to create a message M' such that it is similar enough to the original one so the recipient gets fooled he got the original one. I think the odds of backdooring a source code file and modifying it so it hashes to the same value are very small. Fer
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040818211706.D25438>