lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 07 Dec 2004 16:54:34 -0600
From: Gandalf The White <gandalf@...ital.net>
To: Dan Kaminsky <dan@...para.com>,
	BugTraq <bugtraq@...urityfocus.com>
Subject: Re: MD5 To Be Considered Harmful Someday


Greetings and Salutations:

On 12/6/04 5:29 PM, "Dan Kaminsky" <dan@...para.com> wrote:
<snip>
> Some highlights from the paper:
> * The attack itself is pretty limited -- essentially, we can create
> "doppelganger" blocks (my term) anywhere inside a file that may be
> swapped out, one for another, without altering the final MD5 hash.  This
> lets us create any number of binary-inequal files with the same md5sum.

>From my reading it appears that you need the original source to create the
doppelganger blocks.  It also appears that given a MD5 hash you could not
create a input that would give that MD5 back.  Passwords encoded with MD5
would not fall prey to your discovery.  Is this correct?

Unfortunately when "The Press" publicized the MD5 hash discovery by Joux and
Wang it almost sounded like "The Press" was surprised to find collisions in
the MD5 domain (intuitive to me, a limited number of outputs and a infinite
number of inputs = Collisions).  I assume that a "good" hash would have a
even distribution of collisions across the domain and that the larger number
of bits for the output the better the hash (assuming no cryptographic
algorithm errors).

Thanks,
Ken

---------------------------------------------------------------
Do not meddle in the affairs of wizards for they are subtle and
quick to anger.
Ken Hollis - Gandalf The White - gandalf@...ital.net - O- TINLC
WWW Page - http://digital.net/~gandalf/
Trace E-Mail forgery - http://digital.net/~gandalf/spamfaq.html
Trolls crossposts - http://digital.net/~gandalf/trollfaq.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ