|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Report of collision-generation with MD5
From: Fernando Gleiser (fgleiser
cactus.fi.uba.ar)
Date: Wed Aug 18 2004 - 19:23:07 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Wed, 18 Aug 2004, Chris Doherty wrote:
>
> well, technically you're not "reversing the hash": you can't re-create a
> message from its hash, because the information is simply gone--digesting
> algorithms are massively lossy by definition. that is, you can't take a
> 128-bit MD5 hash and recover the original 2-megabyte message, which makes
> sense.
>
> what you can do, if you have a proper attack formula, is find *a* message
> that produces *that one hash*. that is, if I have message M which produces
> hash H, I can use the attack to find *a* message M' which will also
> produce hash H.
There are (potentially) infinite inputs and just 2^128 outputs, so you
can always (given enough time and/or horsepower) greate a colision.
The problem is you need to create a message M' such that it is similar
enough to the original one so the recipient gets fooled he got
the original one. I think the odds of backdooring a source code file
and modifying it so it hashes to the same value are very small.
Fer
_______________________________________________
freebsd-securityfreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribefreebsd.org"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]