[16543] in cryptography@c2.net mail archive

Re: The Pointlessness of the MD5 "attacks"

daemon@ATHENA.MIT.EDU (Adam Back)
Wed Dec 15 09:45:46 2004

X-Original-To: cryptography@metzdowd.com
Date: Tue, 14 Dec 2004 18:47:27 -0500
From: Adam Back <adam@cypherspace.org>
To: Ben Laurie <ben@algroup.co.uk>
Cc: Ondrej Mikle <ondrej.mikle@gmail.com>,
	Cryptography <cryptography@metzdowd.com>,
	Adam Back <adam@cypherspace.org>
In-Reply-To: <41BF7569.4070005@algroup.co.uk>

Well the people doing the checking (a subset of the power users) may
say "I checked the source and it has this checksum", and another user
may download that checksum and be subject to MITM and not know it.

Or I could mail you the source and you would check it with checksum
and compare checksum to web site.

Or someone could just go ahead and change the source without changing
the checksum or any of the changelog / cvs change notification stuff
and people would not think there is a change to review.

Some of these scenarios will likely work some of the time against
users.

Adam

On Tue, Dec 14, 2004 at 11:21:13PM +0000, Ben Laurie wrote:
> Adam Back wrote:
> >I thought the usual attack posited when one can find a collision on a
> >source checksum is to make the desired change to source, then tinker
> >with something less obvious and more malleable like lsbits of a UI
> >image file until you find your collision on two input source packages.
> 
> Quite so, but the "desired change to source" is either not visible, or 
> suspicious. If it's not visible, then just make it malicious. And if 
> it's suspicious then it shouldn't be run.
