The Pointlessness of the MD5 "attacks"

Ben Laurie ben at algroup.co.uk
Wed Dec 15 03:44:03 EST 2004


Adam Back wrote:
> Well the people doing the checking (a subset of the power users) may
> say "I checked the source and it has this checksum", and another user
> may download that checksum and be subject to MITM and not know it.
> 
> Or I could mail you the source and you would check it with checksum
> and compare checksum to web site.
> 
> Or someone could just go ahead and change the source without changing
> the checksum or any of the changelog / cvs change notification stuff
> and people would not think there is a change to review.
>
> Some of these scenarios will likely work some of the time against
> users.

You are missing the point - since the only way to make this trick work 
is to include a very specific chunk of 64 bytes with a few bits flipped 
(or not), the actual malicious code must be present anyway and triggered 
by the flipped bits. So, all of these attacks rely on the code not being 
inspected or being sufficiently cunning that inspection didn't help. 
And, if that's the case, the attacks work without any MD5 trickery.

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
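The mechanism Ben describes, modelled in code as an added illustration (this is not code from the thread, from Ben Laurie or from any of the 2004 collision papers): two distributions of a "program" whose logic is byte-for-byte identical and which differ only in an embedded 64-byte data block, with the branch taken decided by which block is present. The two blocks here are constructed placeholders that differ in one bit and do not actually collide under MD5; a real colliding pair would make the full-package digests equal without changing anything else shown. The point the example makes is the reviewer's one: whichever variant you are handed, a source inspection sees both code paths and the comparison that selects between them.

```python
import hashlib
import re

# Constructed stand-ins for a colliding block pair (assumption: a real pair
# would be substituted here). They differ in a single bit and do NOT collide.
BLOCK_A = bytes(63) + b"\x00"
BLOCK_B = bytes(63) + b"\x01"

# The program logic. It is the same text in both distributions; only the
# data block appended to it changes. Both outcomes are visible in it.
CODE = """\
def main(block):
    if block == BLOCK_A:
        return 'benign path'
    return 'hidden path'
"""

SEPARATOR = b"\n# data:"


def build(block: bytes) -> bytes:
    """Assemble a distribution: identical code section + the chosen block."""
    return CODE.encode() + SEPARATOR + block


def split(package: bytes):
    """Separate the code section from the embedded data block."""
    code, block = package.split(SEPARATOR, 1)
    return code, block


def behaviour(package: bytes) -> str:
    """What the program does at run time: the branch depends on the block."""
    _, block = split(package)
    if block == BLOCK_A:
        return "benign path"
    return "hidden path"


def inspect(package: bytes) -> dict:
    """A reviewer's view of the code section: every outcome the code can
    reach, and the trigger comparison, are present in the source text."""
    code, _ = split(package)
    text = code.decode()
    outcomes = sorted(set(re.findall(r"return '([^']+)'", text)))
    trigger = "block == BLOCK_A" in text
    return {"code_md5": hashlib.md5(code).hexdigest(),
            "outcomes": outcomes, "has_trigger": trigger}


def full_digest(package: bytes) -> str:
    """Digest of the whole distribution. With a real colliding pair this
    would be equal for both variants; with the placeholders it is not."""
    return hashlib.md5(package).hexdigest()


if __name__ == "__main__":
    for name, block in (("A", BLOCK_A), ("B", BLOCK_B)):
        pkg = build(block)
        print(name, full_digest(pkg), behaviour(pkg), inspect(pkg))
```

Running the script shows that the two variants behave differently while their code sections hash identically and expose the same two outcomes and the same trigger, which is why a review of either one catches the scheme; the MD5 collision only saves the author from having to alter the published checksum.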