Vulnerability Development mailing list archives
Re: Infecting the KaZaA network? (moving here thread from 'traq)
From: "Shoten" <shoten () starpower net>
Date: Tue, 12 Feb 2002 17:48:13 -0500
It is quite possible given two plaintexts of sufficient size, to ensure that they both have the same MD5 checksum.I think this is significantly harder than you are making it out to be. MD5 is a cryptographic checksum designed specifically to resist this kind of "collision". MD5 is weaker than SHA-1, but it is not so weak that you can just go around forging it at will. It would take about 2^64 hashes of random inputs to find two distinct inputs with the same MD5 (a collision). This is due to the birthday paradox and the 128 bit output of MD5. Note that if you want to collide with a specific MD5 value (as you would need to do to mount the infection you are talking about), this problem is much harder. In that case, you end up having to do more like 2^127 hashes of random inputs to find another input that hashes to the same MD5 as a specific fixed input (the file your are spoofing). Don't hold your breath waiting for 2^127 hashes to finish.
Not to mention that in this case, the file with the same checksum would have to be EXACTLY the same size as the KaZaA executable, AND be a functional virus on top of that. And even if you got all that, you'd have to worry about it getting mixed with a valid client during download from multiple sources. For those who think this is possible, go ahead and try...good luck :)
Current thread:
- Re: Infecting the KaZaA network? (moving here thread from 'traq) Raistlin (Feb 08)
- Re: Infecting the KaZaA network? (moving here thread from 'traq) John Hall (Feb 10)
- <Possible follow-ups>
- Re: Infecting the KaZaA network? (moving here thread from 'traq) nestler (Feb 12)
- Re: Infecting the KaZaA network? (moving here thread from 'traq) Shoten (Feb 12)
- Re: Infecting the KaZaA network? (moving here thread from 'traq) Valdis . Kletnieks (Feb 13)
- RE: Infecting the KaZaA network? (moving here thread from 'traq) Benjamin P. Grubin (Feb 13)
- Re: Infecting the KaZaA network? (moving here thread from 'traq) Valdis . Kletnieks (Feb 14)
- Re: Infecting the KaZaA network? (moving here thread from 'traq) Shoten (Feb 12)
- RE: Infecting the KaZaA network? (moving here thread from 'traq) Benjamin P. Grubin (Feb 16)