[37659] in bugtraq
Re: MD5 To Be Considered Harmful Today
daemon@ATHENA.MIT.EDU (Dan Kaminsky)
Wed Dec 8 19:39:34 2004
Message-ID: <41B77ECF.7030404@doxpara.com>
Date: Wed, 08 Dec 2004 14:23:11 -0800
From: Dan Kaminsky <dan@doxpara.com>
MIME-Version: 1.0
To: Pavel Machek <pavel@ucw.cz>
Cc: bugtraq@securityfocus.com
In-Reply-To: <20041208013941.GA5210@elf.ucw.cz>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
>
>
>:~/misc/md5$ cat msg1
>I agree to sell you my horse ^Fita^, its saddle and harness for price 14000 dollars. Signed Bara
>
>
>
Except you can't do this, since the appended data needs to be identical
between the two files. That's why I used the encrypted payload -- it
ties the semantic meaning of the embedded commands to posession of
vec1's series of bits, which is of course what a cipher is meant to do.
Your payloads differ but the above line is incorrect. Your actual
appended files:
$ cat msg1
[terminal garbage]I agree to sell you my horse ^Fita^, its saddle and
harness for price 1 000 dollars. Signed Bara
$ cat msg2
[slightly different terminal garbage]I agree to sell you my horse
^Fita^, its saddle and harness for price 1 000 dollars. Signed Bara
--Dan