Server Help

Trash Talk - MD5 proved broken
Mine GO BOOM - Wed Aug 18, 2004 12:10 pm
Post subject: MD5 proved broken
Note that I did not read the Slashdot article, but instead the SA Thread about it.

Quick summary: They say they can generate a collision within about a hour on a normal computer.

Proof of a collision
Code: Show/Hide
  $ cmp file1.bin file2.bin
  file1.bin file2.bin differ: byte 20, line 1

  $ md5sum file1.bin file2.bin
  a4c0d35c95a63a805915367dcfe6b751  file1.bin
  a4c0d35c95a63a805915367dcfe6b751  file2.bin
Mr Ekted - Wed Aug 18, 2004 12:48 pm
Post subject:
Scary stuff.
CypherJF - Wed Aug 18, 2004 1:39 pm
Post subject:
ITS THE END OF THE WORLD! lol jk icon_smile.gif
Cyan~Fire - Wed Aug 18, 2004 4:39 pm
Post subject:
But didn't we know this all along? It's not like anyone can actually use this to their advantage unless they're really lucky.
Mine GO BOOM - Wed Aug 18, 2004 10:25 pm
Post subject:
The idea was that people knew it was weak, and that collisions were possible, but the chance of someone brute-forcing a matching md5 checksum on data the same length was very slim, and would take many years. They claim that they have a formula in which they can find a matching checksum of almost any data within a hour on a normal machine, not some super-computer.

The fact that it only finds a few bytes off can do harm. Take for example, digital signatures. You run something through the md5sum to create a signature of your object for security reasons, but now there is some method in which some other data, the same length, will have the same checksum.

It is unknown if the formula can be repeated on itself, like creating another same-length dataset for the same checksum. And the fact that they state that SH1 has a theoritical weakness is still scary also.

Just so you know, this is the first example of any data stream with matching MD5. So yes, this is a big deal.
Bak - Wed Aug 18, 2004 11:51 pm
Post subject:
So I see the digital signature and accept the email someone signed and sent me. Instead of a message, I get random text, what's the harm again?
Anonymous - Wed Aug 18, 2004 11:59 pm
Post subject:
What makes me wonder is... What is MD5?
CypherJF - Thu Aug 19, 2004 12:04 am
Post subject:
MD5 is a method supposively that was unique to any key it is given; to create a finger print for the data that is parsed into it. When 2 inputs creates the same output; it's become a problem.

Make sense now? lol icon_smile.gif

2 files = same MD5 checksum?(hash?), very bad icon_smile.gif
myke - Thu Aug 19, 2004 12:59 am
Post subject:
cypher you forgot it means message digest 5 lol
All times are -5 GMT
View topic
Powered by phpBB 2.0 .0.11 © 2001 phpBB Group