The Pointlessness of the MD5 "attacks"
Ben Laurie
ben at algroup.co.uk
Thu Dec 16 05:05:41 EST 2004
John Kelsey wrote:
>> So, to exploit this successfully, you need code that cannot or will
>> not be inspected. My contention is that any such code is untrusted
>> anyway, so being able to change its behaviour on the basis of
>> embedded bitmap changes is a parlour trick. You may as well have it
>> ping a website to find out whether to misbehave.
>
> So, are you sure there can never be a program which allows such an
> exploit? I've seen programs that had embedded components (state
> machines in particular) which were not easily human-readable, and had
> themselves been generated by computer. And even large graphics,
> sound, or video sequences can really change the meaning of a
> program's actions in some ways; those might be susceptible to the
> requirements of the attack. I agree it's hard to see how to exploit
> the existing MD5 collision attacks in programs that would look
> innocent, but I don't see what makes it *impossible*.
I did not say it was impossible, I said that such exploits would work
just as well without MD5 collisions. For example, if you are going to
trigger on some subtle distinction such as a single bit flipped, then
make that a bit in a counter, or a bit in the input stream.
> Then you have data files, as Adam Back mentioned, which are often not
> human readable, but you'd still like to know if the signature on them
> is valid, or if they've been changed surreptitiously since the last
> time they were checked over.
>
> Finally, I'm very skeptical that the attacks that have been found
> recently are the best or only ones that can be done. Do we have any
> special reason to think that there will never be a way to adapt the
> attack to be able to slip something plausible looking into a C
> program? Once your hash function starts allowing collisions, it
> really just becomes a lot less valuable.
I do not have a special reason to think anything about future attacks on
MD5. I am discussing the present attacks.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
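The construction the thread is arguing about, as an added example (not code from the original post or from either correspondent): a toy "program" whose behaviour is selected by one bit of an embedded data blob, built from the MD5 collision pair published by Wang, Feng, Lai and Yu in 2004. The selector code, the hypothetical do_benign/do_malicious split and the counter-keyed trigger are constructed for illustration; the two 128-byte blocks are the published ones. Because MD5 is an iterated hash, any identical suffix appended to both colliding blocks keeps the collision, which is why the (fully visible) selector can sit after the blob and both variants still share a digest.

```python
"""Added example: MD5 collision pair driving a one-bit behaviour switch."""
import hashlib

# Published colliding inputs (Wang et al., 2004). They differ in exactly six
# bytes, and each differing byte differs by a single bit (0x80).
BLOCK_A = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70"
)
BLOCK_B = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70"
)

# Hypothetical selector (constructed for this example): plain-text "code" that
# a reviewer would see sitting right after the blob in the shipped artifact.
SELECTOR_CODE = b"if blob[19] & 0x80: do_benign() else: do_malicious()"


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def differing_bytes(a: bytes, b: bytes) -> list:
    """Offsets at which two equal-length byte strings differ."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


def build_program(blob: bytes) -> bytes:
    """Toy 'binary': colliding blob first, identical selector code after it.
    Identical suffixes preserve an MD5 collision (iterated hash), so both
    variants hash the same while the selector stays in plain sight."""
    return blob + SELECTOR_CODE


def run_program(program: bytes) -> str:
    """Interpret the toy binary: branch on one bit of the embedded blob."""
    blob = program[:128]
    return "benign" if blob[19] & 0x80 else "malicious"


def collision_demo() -> dict:
    good = build_program(BLOCK_A)
    evil = build_program(BLOCK_B)
    return {
        "same_md5": md5_hex(good) == md5_hex(evil),
        "same_sha256": hashlib.sha256(good).digest() == hashlib.sha256(evil).digest(),
        "behaviour": (run_program(good), run_program(evil)),
        "bytes_changed": differing_bytes(BLOCK_A, BLOCK_B),
    }


def counter_triggered(counter: int) -> str:
    """Laurie's comparison: the same switch keyed on a bit of a counter,
    needing no collision at all. A review that misses the selector above
    would equally miss this one (constructed for the example)."""
    return "malicious" if counter & (1 << 20) else "benign"


if __name__ == "__main__":
    for k, v in collision_demo().items():
        print(f"{k}: {v}")
```

Running it shows the two variants share an MD5 digest but not a SHA-256 digest, behave differently, and differ at offsets 19, 45, 59, 83, 109 and 123. Note that the blob must be the first 128 bytes: the published pair collides from MD5's standard initial state, so it cannot be placed at an arbitrary offset inside a file.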