On Sat, Dec 26, 1998 at 05:36:42PM +0000, Ben Laurie wrote:
> Eric Murray wrote:
> >
> > On Fri, Dec 25, 1998 at 11:37:03AM -0500, Andrew Maslar wrote:
> > > Hello all.
> > >
> > > I'm new to the list; hope I can be helpful some day.
> > > But first a question:
> > >
> > > I'm toying around with various protocols for key exchange, and I wonder,
> > > if an attacker intercepted the result of the following operation:
> > >
> > > md5(x) + md5(x + y + z)
> > >
> > > (the +'s mean concatenation)
> > >
> > > and the attacker already knew:
> > >
> > > 1. the nature of the operation
> > > 2. x
> > > 3. z
> > >
> > > Could s/he compute y?
> >
> > You really want to ask "how hard would it be for an attacker
> > to compute y?". It's always possible, it's just a question
> > of being practical (or more properly, cost-effective for
> > the attacker).
>
> Surely in the case of MD5 (or any other hash) the question is "how hard
> would it be for an attacker to compute a value that gives the same
> result as y?". Of course, y is one candidate, but generally there are an
> infinity of them, right?

Right. The way I read Andrew's question, y is a secret to be used in the
key exchange. So, while it's easier to compute, a y' which isn't y but
produces the same hash as y would not result in a listener being able to
discover the secret. However, generating a hash collision might allow
another attack, such as MITM.

--
Eric Murray  N*Able Technologies  www.nabletech.com
(email: ericm at the sites lne.com or nabletech.com)  PGP keyid:E03F65E5
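To make the "how hard, not whether" point from the exchange above concrete, here is an added example; it is not code posted by any participant in the thread. It implements Andrew's construction md5(x) || md5(x || y || z), then plays the listener who knows x, z and the construction and simply enumerates candidate secrets, accepting the first y' whose hash matches (which is exactly Ben's observation: the check only sees hash equality, so a colliding y' would pass too). The values of x, z and y, and the assumption that y is drawn from a small hex-digit space, are constructed for the demo; the same loop against 16 random bytes is identical code with a hopeless candidate count.

```python
"""Brute-force recovery of y from md5(x) || md5(x || y || z) when x and z are known.

Added illustration for the thread above (not code from any participant).
All values below are constructed for the demo.
"""
import hashlib
import itertools

DIGEST_LEN = 16  # MD5 produces a 16-byte digest


def exchange_value(x: bytes, y: bytes, z: bytes) -> bytes:
    """The construction from Andrew's question: md5(x) || md5(x || y || z)."""
    return hashlib.md5(x).digest() + hashlib.md5(x + y + z).digest()


def search_space(alphabet: bytes, max_len: int) -> int:
    """Number of candidate secrets of length 1..max_len over `alphabet`.

    This is the attacker's worst-case work. Recovery is always possible;
    this number decides whether it is practical.
    """
    return sum(len(alphabet) ** n for n in range(1, max_len + 1))


def recover_secret(observed: bytes, x: bytes, z: bytes, alphabet: bytes, max_len: int):
    """Attacker's view: knows the construction, x and z, and the intercepted value.

    Enumerates candidates y' over `alphabet` up to `max_len` and returns
    (y', tries) for the first one with md5(x || y' || z) equal to the second
    half of `observed`. Only hash equality is tested, so any y' that collides
    with y under this prefix/suffix is accepted as well; in a small space the
    first match is overwhelmingly likely to be y itself.
    Returns (None, tries) when the space is exhausted.
    """
    first_half, target = observed[:DIGEST_LEN], observed[DIGEST_LEN:]
    # The first half depends on x alone: it tells the attacker nothing about y,
    # it only confirms that the x they hold is the one that was used.
    if first_half != hashlib.md5(x).digest():
        raise ValueError("observed value does not match md5(x): wrong x or wrong construction")
    tries = 0
    for n in range(1, max_len + 1):
        for cand in itertools.product(alphabet, repeat=n):
            tries += 1
            y_prime = bytes(cand)
            if hashlib.md5(x + y_prime + z).digest() == target:
                return y_prime, tries
    return None, tries


if __name__ == "__main__":
    # Constructed demo values: public x and z, a short low-entropy secret y.
    x, z = b"alice", b"bob"
    y = b"7f3"  # three hex digits: at most 16 + 256 + 4096 candidates
    hex_digits = b"0123456789abcdef"

    observed = exchange_value(x, y, z)
    y_prime, tries = recover_secret(observed, x, z, hex_digits, 3)
    print(f"recovered {y_prime!r} after {tries} of at most {search_space(hex_digits, 3)} tries")

    # Same loop against a 16-byte random secret: the candidate count (> 2**128)
    # is the entire difference between "possible" and "cost-effective".
    print(f"16 random bytes: {search_space(bytes(range(256)), 16):.3e} candidates")
```

Run as a script it recovers the demo secret in a couple of thousand hash evaluations; the second line of output is the reason the same attack is irrelevant when y carries real entropy. Note that nothing here exploits MD5 in particular: the search cost is set by how y is chosen, not by the hash.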
