Valdis.Kletnieks_at_vt.edu
Date: Tue Oct 15 2002 - 10:46:08 CDT


    On Mon, 14 Oct 2002 17:04:37 EDT, Tony said:

    > Does anyone have a reference/link to any well known md5 vulnerabilities?
    > I remember reading something about them a while back but couldn't google
    > up anything. Also, are there any arguments *against* using md5? Should
    > persons be using sha1 instead?

    As far as I know, nobody has managed to produce an actual MD5 hash collision.
    Unless there's a *really major* break, which would be Big News, the resources
    needed to exploit md5 itself are *waaay* past any that any attacker might have
    access to. The *BIG* vulnerability is the same as it's always been - if the
    attacker can replace the foobar.tar.gz file with a trojaned copy, they can
    replace the plaintext file that has the checksums in it too. A bigger worry
    is that people won't even bother checking - a little birdie told me that the
    recent Sendmail trojan was out there for a week mostly because *nobody bothered
    checking the md5sum*.

    Bottom line - given current state-of-the-art, even *IF* there exists somebody who
    can actually exploit MD5 itself, it would be much easier for them to arrange
    things so you were comparing the trojaned file against a trojaned checksum....

    -- 
    				Valdis Kletnieks
    				Computer Systems Senior Engineer
    				Virginia Tech
    

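Added example, not part of the original message: a Python sketch of the point made above, that a checksum file stored beside the tarball is replaced along with it, while a digest obtained over a separate channel still catches the swap. The file names, contents and the `MD5SUMS` file are constructed, and the separately obtained digest is an assumption of the scenario.

```python
import hashlib
import tempfile
from pathlib import Path


def file_digest(path, algo="md5"):
    """Hash a file in chunks so large tarballs are not read into memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def read_sums(path):
    """Parse md5sum-style lines ('<hex>  <name>' or '<hex> *<name>')."""
    sums = {}
    with open(path) as f:
        for line in f:
            parts = line.split(None, 1)
            if len(parts) == 2:
                sums[parts[1].strip().lstrip("*")] = parts[0].lower()
    return sums


def verify(path, expected_hex, algo="md5"):
    """True if the file's digest equals the expected hex value."""
    return file_digest(path, algo) == expected_hex.strip().lower()


def demo():
    """Constructed scenario: tarball and checksum file sit in one directory."""
    with tempfile.TemporaryDirectory() as mirror:
        tarball = Path(mirror) / "foobar.tar.gz"
        sums_path = Path(mirror) / "MD5SUMS"
        def publish(content):  # write the tarball and a matching MD5SUMS
            tarball.write_bytes(content)
            sums_path.write_text(f"{file_digest(tarball)}  foobar.tar.gz\n")
        publish(b"constructed stand-in for the genuine release")
        # Assumption: this digest reached the user over a separate channel.
        pinned = file_digest(tarball)
        # Whoever can overwrite the tarball can regenerate MD5SUMS as well.
        publish(b"constructed stand-in for a replaced release")
        colocated_ok = verify(tarball, read_sums(sums_path)["foobar.tar.gz"])
        return colocated_ok, verify(tarball, pinned)


if __name__ == "__main__":
    print(demo())  # (True, False)
```

The co-located check passes on the replaced file and only the separately obtained digest fails it; the result does not depend on which hash algorithm is used.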