lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 08 Dec 2004 14:23:11 -0800
From: Dan Kaminsky <dan@...para.com>
To: Pavel Machek <pavel@....cz>
Cc: bugtraq@...urityfocus.com
Subject: Re: MD5 To Be Considered Harmful Today


>
>
>:~/misc/md5$ cat msg1
>I agree to sell you my horse ^Fita^, its saddle and harness for price   14000 dollars. Signed Bara
>
>  
>
Except you can't do this, since the appended data needs to be identical 
between the two files.  That's why I used the encrypted payload -- it 
ties the semantic meaning of the embedded commands to posession of 
vec1's series of bits, which is of course what a cipher is meant to do.

Your payloads differ but the above line is incorrect.  Your actual 
appended files:

$ cat msg1
[terminal garbage]I agree to sell you my horse ^Fita^, its saddle and 
harness for price   1 000 dollars. Signed Bara

$ cat msg2
[slightly different terminal garbage]I agree to sell you my horse 
^Fita^, its saddle and harness for price   1 000 dollars. Signed Bara

--Dan

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ