Colin Percival asked:
Norberto Meijome wrote:
Should some kind of advisory be sent to advise people not to rely
solely on MD5 checksums? Maybe an update to the man page is due?:
"
MD5 has not yet (2001-09-03) been broken, but sufficient attacks have
been made that its security is in some doubt. The attacks on MD5 are in
the nature of finding ``collisions'' -- that is, multiple inputs which
hash to the same value; it is still unlikely for an attacker to be able
to determine the exact original input given a hash value.
"

I fail to see how the man page is incorrect here. What do you think
it should be saying instead?

Nothing. This is philosophy, which goes far beyond the scope of man
pages.

As a security researcher, it's fun to spend years poking at a problem
until you find a way to exploit it, and the meaning doesn't change if
the exploit takes all of the computing resources that existed in the
known universe up to last year. In the real world, these 'attacks'
have little meaning.

The common uses of MD5 as applied to the average FreeBSD consumer
consist of adding some amount of assurance that the bits said user
just downloaded are indeed the bits (s)he wanted to download. The
probability of someone compromising one or more servers, replacing the
compressed tar image with another compressed tar image of the SAME
LENGTH that is still valid and that manages to do much the same work
as the original, plus some nefarious additional function, is
infinitesimally small.

In theory, theory is better than practice, but in practice, it never is.

The one direction the FreeBSD Project should take from this discussion
is that cryptography, like any form of security, is an arms race.
Utilities that use cryptography for protection should plan on being
able to use newer ciphers from the very beginning, because what we have
now will, in practice, NEVER be enough tomorrow, for some tomorrow.

--
Where am I, and what am I doing in this handbasket?
Wes Peters [EMAIL PROTECTED]