[Cryptography] Kali Linux security is a joke!

Arnold Reinhold agr at me.com
Sat Mar 21 22:28:24 EDT 2015


On Thu, 19 Mar 2015 18:51 CodesInChaos wrote:

> A collision attack requires attacker control over the original file.
> In that case MD5 is utterly broken.
> This would matter if the maintainer decided to produce two packages,
> one malicious and one harmless with the same hash.
> 
> But if an attacker has no such influence they need a second pre-image
> attack against the hash.
> The best public (second) pre-image attacks are slightly faster than
> brute-force and thus far from practical.
> 
> MD5 certainly isn't a great choice, but for software fingerprints it
> isn't that big a risk.

Use of MD5 is indeed a big, and totally unnecessary, risk. While you are correct that a collision attack requires some ability to modify the original file, that is hardly an insurmountable obstacle. All an attacker has to do is inject some random bits in the target, say by modifying an included icon. A member of the team could be a mole or suborned by bribery or blackmail. Or malware could modify the tool chain in a way that injects the required bits at the last minute. While such ability would allow other attacks, there are many reasons why an attacker might want hacked and clean versions of the same program.

MD5’s vulnerability to collision attack has been known for over a decade. Here is a link to a sci.crypt discussion of this question from 2004: https://groups.google.com/d/msg/sci.crypt/hN6l_vumHyA/hQpYXF8UexsJ Given that there are hash functions considered safe against collision attacks, there is no excuse for continuing to use one that isn’t after all this time.

Arnold Reinhold
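
The collision versus second pre-image distinction debated in this message, as an added example that is not part of the original post: a generic birthday search over MD5 truncated to 32 bits finds a harmless/malicious pair with equal digests in roughly 2^16 attempts per side, while matching one fixed, already-published file needs about 2^32. The truncation, the `clean`/`evil` labels and the filler field are assumptions chosen so it runs in seconds; it shows only the generic gap, since practical collisions on full MD5 come from cryptanalysis rather than brute force.

```python
import hashlib

BITS = 32  # toy digest width (assumption); real MD5 digests are 128 bits


def toy_digest(data: bytes) -> int:
    """MD5 truncated to its top BITS bits."""
    full = int.from_bytes(hashlib.md5(data).digest(), "big")
    return full >> (128 - BITS)


def variant(label: bytes, n: int) -> bytes:
    """Constructed stand-in for a package whose only free part is filler
    (for instance unused bytes in an embedded icon)."""
    return label + b"|filler=" + str(n).encode()


def find_collision(budget: int):
    """Party who shapes BOTH files: any clean/evil pair with equal digest wins.
    Returns (clean_file, evil_file, digests_computed) or None."""
    clean, evil = {}, {}
    for n in range(budget):
        c, e = variant(b"clean", n), variant(b"evil", n)
        dc, de = toy_digest(c), toy_digest(e)
        clean[dc] = c
        if de in clean:
            return clean[de], e, 2 * (n + 1)
        evil[de] = e
        if dc in evil:
            return c, evil[dc], 2 * (n + 1)
    return None


def find_second_preimage(target: bytes, budget: int):
    """Party with NO influence on the published file: must hit its exact digest.
    Returns (evil_file, digests_computed) or None if the budget runs out."""
    want = toy_digest(target)
    for n in range(budget):
        e = variant(b"evil", n)
        if toy_digest(e) == want:
            return e, n + 1
    return None


if __name__ == "__main__":
    c, e, tries = find_collision(1_000_000)
    print(f"collision after {tries} digests: {c!r} / {e!r}")
    # Same work budget against one fixed file almost always comes up empty.
    print("second pre-image:", find_second_preimage(variant(b"clean", 0), tries))
```

For anyone verifying downloads, the consequence is that a fingerprint from a collision-broken hash only vouches for a file if nobody upstream could have shaped that file.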
