Bugtraq mailing list archives
Re: MD5 To Be Considered Harmful Someday
From: Joel Maslak <jmaslak () antelope net>
Date: Tue, 7 Dec 2004 18:51:48 -0700 (MST)
On Tue, 7 Dec 2004, Gandalf The White wrote:
From my reading it appears that you need the original source to create thedoppelganger blocks. It also appears that given a MD5 hash you could not create a input that would give that MD5 back. Passwords encoded with MD5 would not fall prey to your discovery. Is this correct?
My understanding is similar to yours. However, imagine a PKI system in, say, a contract management system. Let's say you can write a valid word document with a section of text that can be "swapped" out. That can be a problem. It breaks non-repudiation - someone could create such a "swappable" contract and go to court and say "Yes, that's a valid signature, but I really signed *THIS* document which just happens to have an identical signature." Of course if I was called upon to testify, I would respond, "Yes, but it is clear this contract was written with the intent to defraud us, as to get this property, it has to be constructed in a very specific mind with this fraud in mind at time of contract origination..." -- Joel
Current thread:
- MD5 To Be Considered Harmful Someday Dan Kaminsky (Dec 07)
- Re: MD5 To Be Considered Harmful Someday Gandalf The White (Dec 07)
- Re: MD5 To Be Considered Harmful Someday Tim (Dec 08)
- Re: MD5 To Be Considered Harmful Someday Dragos Ruiu (Dec 08)
- Re: MD5 To Be Considered Harmful Someday David F. Skoll (Dec 08)
- Re: MD5 To Be Considered Harmful Someday Joel Maslak (Dec 08)
- Re: MD5 To Be Considered Harmful Someday Steve Friedl (Dec 08)
- RE: MD5 To Be Considered Harmful Someday David Schwartz (Dec 08)
- Re: MD5 To Be Considered Harmful Someday Gandalf The White (Dec 08)
- Re: MD5 To Be Considered Harmful Someday Keith Oxenrider (Dec 08)
- Re: MD5 To Be Considered Harmful Someday Paul Wouters (Dec 08)
- Re: MD5 To Be Considered Harmful Someday Dan Kaminsky (Dec 08)
- Re: MD5 To Be Considered Harmful Someday Paul Wouters (Dec 08)
- Re: MD5 To Be Considered Harmful Someday Adam Shostack (Dec 09)
- Re: MD5 To Be Considered Harmful Someday Tim (Dec 08)
- Re: MD5 To Be Considered Harmful Someday Solar Designer (Dec 08)
- Re: MD5 To Be Considered Harmful Someday Dan Kaminsky (Dec 08)
- Re: MD5 To Be Considered Harmful Someday Gandalf The White (Dec 07)