[16539] in cryptography@c2.net mail archive


The Pointlessness of the MD5 "attacks"

daemon@ATHENA.MIT.EDU (Ben Laurie)
Tue Dec 14 10:14:40 2004

X-Original-To: cryptography@metzdowd.com
Date: Tue, 14 Dec 2004 14:43:24 +0000
From: Ben Laurie <ben@algroup.co.uk>
To: Cryptography <cryptography@metzdowd.com>

Dan Kaminsky's recent posting seems to have caused some excitement, but 
I really can't see why. In particular, the idea of having two different 
executables with the same checksum has attracted attention.

But the only way I can see to exploit this would be to have code that 
did different things based on the contents of some bitmap. My contention 
is that if the code is open, then it will be obvious that it does 
"something bad" if a bit is tweaked, and so will be suspicious, even if 
the "something bad" is not triggered in the version seen.

So, to exploit this successfully, you need code that cannot or will not 
be inspected. My contention is that any such code is untrusted anyway, 
so being able to change its behaviour on the basis of embedded bitmap 
changes is a parlour trick. You may as well have it ping a website to 
find out whether to misbehave.

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
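The mail's argument is that the colliding-executable trick only works if the program consults the bytes of some embedded blob to decide how to behave, and that an open-source reviewer can see that dependence. The following is an added example (not code from the mail or from any project it mentions) of a static check that looks for exactly that pattern in Python source: a module-level bytes or string constant whose contents feed a conditional branch. The scanner, its function names and the two sample sources are constructed for illustration.

```python
"""Static check for control flow that depends on an embedded data blob.

Added example, not part of Ben Laurie's mail. Two MD5-colliding blobs let a
program keep its digest while changing behaviour only if its control flow
reads the blob's bytes; this scanner flags such branches in Python source so
a reviewer can inspect them. Names and sample sources are constructed.
"""
import ast


def blob_constants(tree):
    """Return module-level names bound to a bytes/str literal (the 'bitmap')."""
    names = set()
    for node in tree.body:
        if (isinstance(node, ast.Assign)
                and len(node.targets) == 1
                and isinstance(node.targets[0], ast.Name)
                and isinstance(node.value, ast.Constant)
                and isinstance(node.value.value, (bytes, str))):
            names.add(node.targets[0].id)
    return names


def names_in(node):
    """All identifiers referenced anywhere inside an AST node."""
    return {n.id for n in ast.walk(node) if isinstance(n, ast.Name)}


def find_blob_dependent_branches(source):
    """Return (line, [blob names]) for every if/while/ternary whose test
    references an embedded blob constant."""
    tree = ast.parse(source)
    blobs = blob_constants(tree)
    findings = []
    for node in ast.walk(tree):
        if isinstance(node, (ast.If, ast.While, ast.IfExp)):
            used = names_in(node.test) & blobs
            if used:
                findings.append((node.lineno, sorted(used)))
    return findings


# Constructed sample: behaviour hinges on one bit of an embedded blob.
SUSPICIOUS = '''
BLOB = b"ABCD"  # placeholder blob; the branch below is what a reviewer sees

def run():
    if BLOB[3] & 1:
        return "misbehave"
    return "normal"
'''

# Constructed sample: the blob is used as data, never as a decision input.
CLEAN = '''
BANNER = b"hello"

def run(flag):
    if flag:
        return BANNER.upper()
    return BANNER
'''


if __name__ == "__main__":
    for label, src in (("suspicious", SUSPICIOUS), ("clean", CLEAN)):
        print(label, find_blob_dependent_branches(src))
```

Run as a script it reports the branch at line 5 of the suspicious sample and nothing for the clean one. The check is deliberately narrow (module-level literals, direct use in a test expression); it is a review aid for the "does this code look at its own bitmap?" question, not a proof that a binary is free of the trick, and it says nothing about code that is never published for inspection, which is the mail's actual point.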
