The Pointlessness of the MD5 "attacks"

Ben Laurie ben at algroup.co.uk
Tue Dec 14 17:17:28 EST 2004 

Ondrej Mikle wrote:
> On Tue, 14 Dec 2004 14:43:24 +0000, Ben Laurie <ben at algroup.co.uk> wrote:
> 
>>But the only way I can see to exploit this would be to have code that
>>did different things based on the contents of some bitmap. My contention
>>is that if the code is open, then it will be obvious that it does
>>"something bad" if a bit is tweaked, and so will be suspicious, even if
>>the "something bad" is not triggered in the version seen.
> 
> 
> There are many ways to obfuscate code so tha it will seem innocent,
> see for example International Obfuscated C Code Contest
> (http://www.ioccc.org/main.html).

That does not make it seem innocent, it makes it seem incomprehensible.

> It can be based on variable
> modification using buffer overflows, integer overflows, strange side
> effects of expression evaluation, etc.

I agree, but you do not need MD5 attacks to achieve these things.

> Another possibility for an attacker is the use of deliberate and very
> rare race conditions, which only attacker knows how to trigger. Race
> conditions are very difficult to discover. Cf. Linux ptrace race
> condition (http://archives.neohapsis.com/archives/bugtraq/2001-10/0135.html).
> It's been there in kernels 2.2.0 - 2.2.19 and 2.4.0 to 2.4.9. It
> allowed for local privilege escalation. Took quite a long time to
> discover it, even though it was open source code. Quite a long time
> for opportunity, if we assumed an attacker would do similar attack
> deliberately.

Again, MD5 does not improve these attacks.

>>So, to exploit this successfully, you need code that cannot or will not
>>be inspected. My contention is that any such code is untrusted anyway,
>>so being able to change its behaviour on the basis of embedded bitmap
>>changes is a parlour trick.
> 
> 
> That's true in theory, but it's different in real world. Take
> Microsoft software as an example. Many banks use their software (and
> sometimes even military). I don't think that all of them reviewed
> Microsoft's source code (I guess only a few, if any at all). There was
> an incident of a worm attacking ATMs.

No, and they are therefore vulnerable to Microsoft. Note that MD5 is not 
required for Microsoft to attack them.

> Another example, Enigma was being sold after WW 2, but the Allies knew
> it could be broken. The purchasers did not. Same as when US army sold
> some radio communications that used frequency hopping to Iraq during
> 1980's. US knew that it could be broken ("just in case...").

And MD5 helps with this how?

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list