North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: potential hazards of Protect-America act
On Jan 30, 2008, at 5:28 PM, Steven M. Bellovin wrote: On Wed, 30 Jan 2008 17:03:04 -0800 Warren Kumari <[email protected]> wrote: Yes, I know that you do, and I know that most (all?) of the people on the list do. I also realize that, for this application, it isn't the correct choice... My little hissy fit was brought about by the many instances that I have encountered where people say things like "MD5 on BGP sessions is pointless because MD5 has been broken"[0] and other similar things...
Yes. Specifically, MD5 is being used to log received files in a surveillance system. So -- suppose I'm a bad guy and I think the FBI is monitoring my traffic. I create two files, one perhaps incriminating and one not, with the same MD5 hash. The FBI arrests me and uses the intercepted file as evidence. I tell the judge that the evidence was tampered with; as proof, I show my file that has the same MD5 hash. I then assert that the FBI and the NSA colluded to find a preimage -- "everyone" knows that NSA can do such things -- and complain to the judge. Or let's turn it around. The FBI prepares two documents with a collision, one of interest to me and the other incriminating. A undercover agent sends me the first one, which I save. I'm arrested -- and the FBI lab substitutes in the second file. The logs will still match, but I'm being convicted based on faked evidence. Or I just tell the judge that that's what the FBI did. Sure, and I'm sorry if it came across that I was saying that MD5 was the correct solution for this application, I wasn't... I was just venting about the folks that automatically rule out any protocol or system that uses MD5 without understanding what the hash is used for, what the issues are and what the threat model is... W [0]: There are a bunch of reasons to do (or not do) MD5 BGP authentication -- collisions in the hash is not one of them... I hope I haven't ruined that.
|