North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Senator Diane Feinstein Wants to know about the Benefits of P2P
Gregory Hicks wrote: Date: Mon, 30 Aug 2004 16:39:56 -0400 From: Mike Tancsa <[email protected]> At 04:12 PM 30/08/2004, Dan Hollis wrote:Thats a misleading over simplification. A collision being found implies something different than "its cracked." A weakness that was theorized sometime ago has been demonstrated in practice. Finding collisions and altering files in a useful way to produce a duplicate hash are different things. There are FAR bigger security concerns than this one right now IMHO.yep md5 made the news recently because it's been cracked: http://techrepublic.com.com/5100-22-5314533.html http://www.rtfm.com/movabletype/archives/2004_08.html#001055 There MUST BE multiple 680 MB files that give the same checksum. A checksum is a many-to-one operation. If MD5 were a "perfect" checksum, it would map each and every 128-bit strings to another 128-bit string. However, for an 129-bit string, you have twice as many initial strings, but still just 128-bits of hash values. If the checksum is perfectly distributed, each 128-bit hash would have to correspond to _two_ initial strings. If you think about it for a second, if you have an initial bit string of length 'n' and a hash of length 'm,' the number of collisions for a perfectly distributed checksum (the number of initial strings that produce the same hash) is, 2^(n - m) Now, a 680 MB file is about a 5704253440-bit string. That would imply there are about 2^5704253312 strings that correspond to that one hash. Good luck generating _one_ of those. And extra good luck in finding the ones of the 2^5704253312 that comply with ISO 9660. And a tad more good luck in finding the ones in there that might make sense being the particular ISO image you want. The issue with MD5 is that there may be techniques for an attacker to generate collisions (and again, there MUST BE collisions) using many fewer operations than a brute force approach. The brute force approach has always existed. There is no perfectly secure crypto, only crypto that is "secure enough for this application for now." MD5 is still safe enough for most applications for now (hell, DES is safe enough for most applications for now). However, it should be looked at as depricated and phased out, i.e. not used in new protocols and products. The Death of the Internet has not been predicted. There will be no film at eleven. -- Crist J. Clark [email protected] Globalstar Communications (408) 933-4387
|