Vulnerability Development mailing list archives
Re: Hashes,File protection,etc
From: "Roland Postle" <mail () blazde co uk>
Date: Tue, 15 Oct 2002 15:39:50 +0100
> Does anyone have a reference/link to any well known md5 vulnerabilities. I remember reading something about them awhile back but couldn't google up anything. Also, are there any arguments *against* using md5? Should persons be using sha1 instead ?
Personally I'd be interested in not so well known md5 vulns too :D

From http://www.mirrors.wiretapped.net/security/cryptography/hashes/papers/md5-vs-sha.txt :

">-cryptanalysis ( is it safe)
There is a known way of finding "pseudo collisions" for MD5. Another term for this is that there's a free-start collision attack against the compression function on MD5. This doesn't seem to translate into an attack on MD5 as it's actually used. There appears to be some kind of problem with SHA, as well. The NSA / NIST are working on a redesign. Nobody seems to be talking about what the problem is, though.

-brute force attacks (to make the same hash of a different message)
MD5 has an output of 128 bits, which I think is too small for good security. A collision can be found by brute force in 2**64 operations.
...
If both algorithms are flawless, SHA will require 2**80 ops to generate a hash collision, and MD5 will require 2**64"

The pseudocollision paper is here
http://www.esat.kuleuven.ac.be/~cosicart/ps/AB-9300.ps.gz
then Hans Dobbertin extended the attack to proper collisions in md5's compression function
http://www-cse.ucsd.edu/users/bsy/dobbertin.ps
He also wrote the summary 'The Status of MD5 After a Recent Attack'
ftp://ftp.rsasecurity.com/pub/cryptobytes/crypto2n2.pdf

If I understand correctly this means that md5 is 'one step away' from being cracked wide open. I'd use SHA if I were you ;)

- Blazde
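Added example, not part of the original post: the 2**64 and 2**80 figures quoted above are the birthday bound, roughly 2**(n/2) hash evaluations for an n-bit output, and this sketch measures it on digests truncated to a size a laptop can search. The function names and the sample messages are constructed for illustration; truncating the digest is an assumption made only to keep the search small.

```python
import hashlib

def truncated_digest(algo: str, message: bytes, bits: int) -> int:
    """Return the top `bits` bits of the digest as an integer."""
    digest = hashlib.new(algo, message).digest()
    return int.from_bytes(digest, "big") >> (len(digest) * 8 - bits)

def find_collision(algo: str, bits: int):
    """Generic birthday search: hash distinct messages until two of them
    share the same truncated digest. Uses no weakness of the hash itself."""
    seen = {}          # truncated digest -> message that produced it
    counter = 0
    while True:
        message = b"constructed-sample-%d" % counter
        tag = truncated_digest(algo, message, bits)
        if tag in seen:
            return seen[tag], message, counter + 1
        seen[tag] = message
        counter += 1

def survey(bit_lengths=(16, 20, 24)):
    """Measure the work needed per output size for MD5 and SHA-1."""
    rows = []
    for algo in ("md5", "sha1"):
        for bits in bit_lengths:
            _, _, attempts = find_collision(algo, bits)
            rows.append((algo, bits, attempts, 2 ** (bits // 2)))
    return rows

if __name__ == "__main__":
    print("algo  bits  attempts  2**(bits/2)")
    for algo, bits, attempts, bound in survey():
        print(f"{algo:<5} {bits:>4}  {attempts:>8}  {bound:>11}")
    # Extrapolating the same square-root law to the full output sizes:
    for algo, bits in (("md5", 128), ("sha1", 160)):
        print(f"{algo}: full {bits}-bit output -> about 2**{bits // 2} hashes")
```

The measured attempts track 2**(bits/2) for both algorithms, which is why output length alone sets the ceiling on collision resistance regardless of any structural attack on the compression function.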