[37630] in bugtraq
MD5 To Be Considered Harmful Today
daemon@ATHENA.MIT.EDU (Pavel Machek)
Wed Dec 8 13:34:04 2004
Date: Wed, 8 Dec 2004 02:39:41 +0100
From: Pavel Machek <pavel@ucw.cz>
To: Dan Kaminsky <dan@doxpara.com>
Cc: bugtraq@securityfocus.com
Message-ID: <20041208013941.GA5210@elf.ucw.cz>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="jRHKVT23PllUwdXP"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <41B4EB5E.6070106@doxpara.com>
--jRHKVT23PllUwdXP
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Hi!
> I've been doing some analysis on MD5 collision announced by Wang et al.
> Short version: Yes, Virginia, there is no such thing as a safe hash
> collision -- at least in a function that's specified to be
> cryptographically secure. The full details may be acquired at the
> following link:
Yes, nice paper, and here you have nice story:
Okay, lets have two friends and one horse. Let's say Pavel and
Bara. Bara owns a horse, and needs money, so she wants to sell
it. Horse has some problems with its back, and Bara would be willing
to sell it for around $1300. Therefore she's quite surprised when
Pavel offers her $14000, and agrees immediately.
From: Pavel
To: Bara
Hi!
I'd like to buy Fita. If you accept my offer (msg1), just sign and
send it back.
:~/misc/md5$ cat msg1
I agree to sell you my horse ^Fita^, its saddle and harness for price 14000 dollars. Signed Bara
:~/misc/md5$ md5sum msg1
57ce330a6c6ca8e9ffab4f3b36b2a1a5 msg1
:~/misc/md5$
(Bara signs msg1 and sends it back to Pavel). Two days later, Pavel
comes with a car, and $1000. Bara denies she offered Fita for $1000,
but can not find copy of the e-mail exchange. Fortunately Pavel has a
copy with him, digitaly signed by Bara. They view it on her computer,
and verify the signatures. At that point Bara agrees she probably made
a mistake, and accepts $1000...
:~/misc/md5$ cat msg2
I agree to sell you my horse ^Fita^, its saddle and harness for price 1´000 dollars. Signed Bara
:~/misc/md5$ md5sum msg2
57ce330a6c6ca8e9ffab4f3b36b2a1a5 msg2
:~/misc/md5$
(With apologies to Bara; let's hope she'll never find out).
Pavel
PS: I tried it on linux console, and it does some nasty terminal
tricks. Of course, if Bara investigated, she'd probably found out
how...
--
People were complaining that M$ turns users into beta-testers...
...jr ghea gurz vagb qrirybcref, naq gurl frrz gb yvxr vg gung jnl!
--jRHKVT23PllUwdXP
Content-Type: application/octet-stream
Content-Disposition: attachment; filename=msg1
Content-Transfer-Encoding: base64
0THdAsXm7sRpPZoGmK/5XC/KtQcSRn6rQARYPrj7f4lVrTQGCfSzAoPkiIMl8UFaCFEl6PfN
yZ/ZHb1ygDc8W9iCPjFWNI9brm2s1DbJGcbdU+I0h9oD/QI5YwbSSM2g6Z8zQg9XfujOVLZw
gCgNHsaYIby2qIOTlvllq2/3KnAICAgICAgICAgICAgICAgICEkgYWdyZWUgdG8gc2VsbCB5
b3UgbXkgaG9yc2UgXkZpdGFeLCBpdHMgc2FkZGxlIGFuZCBoYXJuZXNzIGZvciBwcmljZSAg
IDEbW0MwMDAgZG9sbGFycy4gU2lnbmVkIEJhcmEKCg==
--jRHKVT23PllUwdXP
Content-Type: application/octet-stream
Content-Disposition: attachment; filename=msg2
Content-Transfer-Encoding: base64
0THdAsXm7sRpPZoGmK/5XC/KtYcSRn6rQARYPrj7f4lVrTQGCfSzAoPkiIMlcUFaCFEl6PfN
yZ/ZHb3ygDc8W9iCPjFWNI9brm2s1DbJGcbdU+K0h9oD/QI5YwbSSM2g6Z8zQg9XfujOVLZw
gKgNHsaYIby2qIOTlvllK2/3KnAICAgICAgICAgICAgICAgICEkgYWdyZWUgdG8gc2VsbCB5
b3UgbXkgaG9yc2UgXkZpdGFeLCBpdHMgc2FkZGxlIGFuZCBoYXJuZXNzIGZvciBwcmljZSAg
IDEbW0MwMDAgZG9sbGFycy4gU2lnbmVkIEJhcmEKCg==
--jRHKVT23PllUwdXP--
