Full Disclosure mailing list archives
Re: MD5 algorithm considered toxic (and harmful)
From: Valdis.Kletnieks () vt edu
Date: Sat, 01 Dec 2007 22:08:38 -0500
On Sat, 01 Dec 2007 05:06:36 PST, Kristian Erik Hermansen said:
I know of many commercial security products which still utilize MD5 to prove integrity of the data they distribute to customers. This should no longer be considered appropriate. Now that tools are readily available to exploit newer MD5 collision research, I think it is safe to say that the public should retire its usage for good.
Admittedly, MD5 is on its last legs. However, please note that the current state of the art for MD5 collisions is "create two plaintexts that collide with the same (but unpredictable) MD5 hash". That's what these binaries demonstrate. What is still *not* known to be doable is "given a plaintext that has a pre-specified MD5 hash, compute a second plaintext with the same hash". So publishing the MD5 hash of the binary is still safe - for now. If I was a vendor, I'd be publishing both MD5 and SHA-256 for the data. (Note that strictly speaking, what you *really* want is a PGP-signed or otherwise authenticated MD5/SHA-256 hash. Otherwise, if I'm an attacker, I can just splat a new binary up, and a new MD5SUMS file that lists the MD5 sum for the backdoored binaries. If anything, more people manage to screw *this* part up than the much lesser offense of still using MD5 rather than something from the SHA-2 family)....
Attachment:
_bin
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- MD5 algorithm considered toxic (and harmful) Kristian Erik Hermansen (Dec 01)
- Re: MD5 algorithm considered toxic (and harmful) Steven Adair (Dec 01)
- Re: MD5 algorithm considered toxic (and harmful) James Matthews (Dec 01)
- Re: MD5 algorithm considered toxic (and harmful) Enno Rey (Dec 01)
- Re: MD5 algorithm considered toxic (and harmful) Tim (Dec 01)
- Re: MD5 algorithm considered toxic (and harmful) Paul Schmehl (Dec 01)
- Re: MD5 algorithm considered toxic (and harmful) James Matthews (Dec 01)
- Re: MD5 algorithm considered toxic (and harmful) Steven Adair (Dec 01)
- Re: MD5 algorithm considered toxic (and harmful) Kristian Erik Hermansen (Dec 01)