The Pointlessness of the MD5 'attacks'

Sidney Markowitz sidney at sidney.com
Wed Dec 15 11:58:44 EST 2004


This isn't worked out enough to be a proof of concept, but I can imagine 
a piece of code that has a comment "This can't overflow because value X 
computed from the magic bits table will always be between A and B. Get 
0.1% speed boost by leaving out range check here but don't change magic 
bits".

That doesn't even have to be so obscure. It provides a place to 
introduce a security hole that will not be noticed by substituting a new 
magic bits table without the protective property. Unless someone takes 
their copy of the source code that has MD5 equal to the MD5 of the 
sources that have been reviewed by the experts and verifies for 
themselves whether their magic bits table does compute a value X between 
A and B, they are vulnerable. If MD5 is trusted, there is no reason to 
audit every downloaded copy of the source code like that, as long as you 
are sure that someone has done the audit.

  -- sidney
     http://www.sidney.com/

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list