This is a discussion on md5 collision within the Linux Security forums, part of the System Security and Security Related category.
|
matt_left_coast wrote:
> Unruh wrote:
>
>>>When dealing with the first case, you create the first of the two files,
>>>then the file IS known. Then you would be dealing with the second case.
>>
>> But you have to create them together. You cannot create one and then make
>> another which has the same md5.
>
> Exact process, please.

The logic here escapes me. Unruh appears to be claiming that you cannot do something ("cannot create one and then make another which has the same md5"), and matt_left_coast appears to be asserting that Unruh should support that claim by detailing how to do something. You cannot show that something is impossible by showing how to do something. If matt_left_coast wishes to claim that one can find a preimage to a given hash, it's up to him to specify how.

A recent paper on md5 attacks is "Improved Collision Attack on MD5" by Yu Sasaki, Yusuke Naito, Noboru Kunihiro, and Kazuo Ohta, available at http://eprint.iacr.org/2005/400.pdf. The procedure is outlined in section 3.4. While the details are not essential to this discussion, the alert reader will note that the attack does *not* produce a preimage for a given hash, but rather produces a pair of messages whose hashes match. Unruh is quite right.

--
Peter Pearson
To get my email address, substitute: nowhere -> spamcop, invalid -> net
|
Peter Pearson wrote:
> Pat Farrell wrote:
>> Based on MD5 in what way? Not in any technical aspect, other
>> than both were designed to be cryptographically strong hashes.
>
> The nature of the mushing, however, is very similar:
> a dataflow diagram of MD5 looks very much like a dataflow
> diagram of SHA.

Sure, they are both basically Feistel ciphers. Lots of ciphers are Feistel ciphers; a dataflow diagram doesn't show much. Take clear text, smush it some, end up with weird garbage-looking stuff. IDEA, AES, DES, let's look like that.

> Since SHA-1 appeared to be a very robust design, but has
> recently been found to be weak, the crypto community is
> perplexed by the realization that we don't know much about
> designing hash functions.

Found to have a flaw is not the same as "weak". Which do you mean?

At some level, all crypto is voodoo.

--
Pat
|
In comp.os.linux.security matt_left_coast <not@chance.org>:
> Unruh wrote:
>> matt_left_coast <not@chance.org> writes:
>>
>>>Unruh wrote:
>>
>>>>>When dealing with the first case, you create the first of the two files,
>>>>>then the file IS known. Then you would be dealing with the second case.
>>>>
>>>> But you have to create them together. You cannot create one and then
>>>> make another which has the same md5.
>>
>>>Exact process, please.
>>
>> Go read the papers.

> Well, I'll take that as proof you are just bullshitting, as I thought.

Please calm down.

This should give a little more insight:

http://www.cits.rub.de/MD5Collisions/

There is heavy math involved, so you can be sure Bill is almost always right.

--
Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
mail: echo zvpunry@urvzvat.qr | perl -pe 'y/a-z/n-za-m/'
#bofh excuse 301: appears to be a Slow/Narrow SCSI-0 Interface problem
|
Peter Pearson wrote:
> matt_left_coast wrote:
>
>> Unruh wrote:
>>
>>>>When dealing with the first case, you create the first of the two files,
>>>>then the file IS known. Then you would be dealing with the second case.
>>>
>>> But you have to create them together. You cannot create one and then
>>> make another which has the same md5.
>>
>> Exact process, please.
>
> The logic here escapes me. Unruh appears to be claiming that
> you cannot do something ("cannot create one and then make
> another which has the same md5"), and matt_left_coast appears
> to be asserting that Unruh should support that claim by
> detailing how to do something. You cannot show that something
> is impossible by showing how to do something. If
> matt_left_coast wishes to claim that one can find a preimage
> to a given hash, it's up to him to specify how.
>
> A recent paper on md5 attacks is "Improved Collision Attack on MD5"
> by Yu Sasaki, Yusuke Naito, Noboru Kunihiro, and Kazuo Ohta,
> available at http://eprint.iacr.org/2005/400.pdf. The procedure
> is outlined in section 3.4. While the details are not essential
> to this discussion, the alert reader will note that the attack
> does *not* produce a preimage for a given hash, but rather produces
> a pair of messages whose hashes match. Unruh is quite right.
>

Are the two files useful for ANYTHING? What are you going to do, put up one of the files for download and swap it for the other? Yeah, you can generate virtually random files that have the same MD5 value, but what is the use? It is a meaningless exercise in mental masturbation. Other than to prove it can be done, what use is it? Can you come up with a truly useful "attack" that could be based on this?

Quite frankly, people worried about the MD5 thing are nuts; the likelihood that 2 legitimate files exist in any place where it could be an issue is so ridiculously remote, and other issues so much more important, that it is probably not worth the effort devoted to this discussion.

--
|
matt_left_coast wrote:
> Jan Pompe wrote:
>
>>matt_left_coast wrote:
>>
>>>Jan Pompe wrote:
>>>
>>>>matt_left_coast wrote:
>>>>
>>>>>Unruh wrote:
>>>>>
>>>>>>matt_left_coast <not@chance.org> writes:
>>>>>>
>>>>>>>Unruh wrote:
>>>>>>
>>>>>>>>>When dealing with the first case, you create the first of the two
>>>>>>>>>files, then the file IS known. Then you would be dealing with the
>>>>>>>>>second case.
>>>>>>>>
>>>>>>>>But you have to create them together. You cannot create one and then
>>>>>>>>make another which has the same md5.
>>>>>>
>>>>>>>Exact process, please.
>>>>>>
>>>>>>Go read the papers.
>>>>>
>>>>>Well, I'll take that as proof you are just bullshitting, as I thought.
>>>>
>>>>Is it proof of the same thing when you do it?
>>>>
>>>>You seem to do it a lot
>>>
>>>Where?
>>
>>Do you have a problem with recall?
>>
>>here, wish list overcoming NIS
>
> Eh? Where in this thread did I say anything like "Go read the papers."?
> Nowhere.
>
>>here there everywhere
>
> I see you have made an accusation you cannot back up. If you have anything
> REAL to back up your personal attacks, please provide examples.

You have them; go read the threads named.
|
matt_left_coast wrote:
> Quite frankly, people worried about the MD5 thing are nuts, the likelihood
> that 2 legitimate files exist in any place where it could be an issue is
> so ridiculously remote and other issues so much more important that it is
> probably not worth the effort devoted to this discussion.

Generally correct. But it costs nothing to use a better hash. So we need to tell people to just stop using MD5 and use whatever SHA* your threat model requires.

--
Pat
|
Pat Farrell wrote:
> matt_left_coast wrote:
>> Quite frankly, people worried about the MD5 thing are nuts, the
>> likelihood that 2 legitimate files exist in any place where it could be
>> an issue is so ridiculously remote and other issues so much more
>> important that it is probably not worth the effort devoted to this
>> discussion.
>
> Generally correct. But it costs nothing to use a better hash.
> So we need to tell people to just stop using MD5 and use whatever
> SHA* that your threat model requires.
>

Oh? So a company that makes heavy use of MD5 can cut over with no cost? BS.

--
|
Michael Heiming wrote:
> In comp.os.linux.security matt_left_coast <not@chance.org>:
>> Unruh wrote:
>
>>> matt_left_coast <not@chance.org> writes:
>>>
>>>>Unruh wrote:
>>>
>>>>>>When dealing with the first case, you create the first of the two
>>>>>>files, then the file IS known. Then you would be dealing with the
>>>>>>second case.
>>>>>
>>>>> But you have to create them together. You cannot create one and then
>>>>> make another which has the same md5.
>>>
>>>>Exact process, please.
>>>
>>> Go read the papers.
>
>> Well, I'll take that as proof you are just bullshitting, as I thought.
>
> Please calm down.
>
> This should give a little more insight:
>
> http://www.cits.rub.de/MD5Collisions/
>
> There is heavy math involved, so you can be sure Bill is almost
> always right.
>

If you read it carefully, it also does not say it is IMPOSSIBLE to create a second file. Given enough time and computer power, it could well be done. The point is, does it make any difference to create files in that method? Can they be used for ANYTHING? Likewise, is it worth the effort to make a second file that has the same checksum value?

Also, while you can, with a great deal of effort, create 2 files that have the same MD5 value, there is nothing that shows that every file can have a second file with the same checksum. Indeed, I see nothing that shows that ANY pre-existing file can have a checksum that can be shared with another file. In short, it may be that only a very few of all the files in the world can even HAVE a second file with the same checksum, much less have it be an issue. The evidence I have seen does not show that this is a serious issue at all.

--
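The thread keeps circling two separate questions: Peter Pearson's point that the published attacks find a *pair* of colliding messages rather than a second file matching a *given* digest, and matt_left_coast's question of what a pair of "virtually random" colliding files is good for. The script below is an added example written for this page; it is not code from any poster, from the Sasaki et al. paper, or from the cits.rub.de demonstration. The two 128-byte messages are the widely published MD5 colliding pair from the Wang et al. attack, embedded here as test data; the `COMMON_TAIL` payload and the `interpret` function are a constructed, hypothetical document format used only to show the trick. Because MD5 is a Merkle-Damgård construction, once two equal-length, block-aligned prefixes collide the hash state is identical, so any common suffix keeps the digests equal. That is what turns random-looking blocks into two documents with the same MD5 but different behaviour, which is the same idea as the "poisoned message" pair on the cits.rub.de page. The last function shows the other side of Pearson's distinction: matching a digest you did not choose is a second-preimage problem, and the collision blocks give no help with it.

```python
import hashlib
from typing import List, Optional, Tuple

# Published MD5 colliding pair (Wang et al.), 128 bytes each, embedded as test data.
# Both hash to 79054025255fb1a26e4bc422aef54eb4; they differ in exactly six bytes.
BLOCK_A = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70"
)
BLOCK_B = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70"
)

# Constructed tail for a hypothetical document format: the same bytes are appended to
# both colliding headers, and a consumer branches on which header it finds.
COMMON_TAIL = b"\n# payload: if header is the GOOD block act benignly, otherwise act maliciously\n"


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def differing_offsets(a: bytes, b: bytes) -> List[int]:
    """Byte offsets at which two equal-length messages differ."""
    if len(a) != len(b):
        raise ValueError("messages must have equal length")
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


def extend_collision(prefix_a: bytes, prefix_b: bytes, suffix: bytes) -> Tuple[bytes, bytes]:
    """Merkle-Damgard suffix property: if two equal-length, block-aligned prefixes
    collide, the internal chaining value after them is identical, so appending the
    same suffix to both preserves the collision. Nothing about the suffix is random."""
    if len(prefix_a) != len(prefix_b) or len(prefix_a) % 64 != 0:
        raise ValueError("prefixes must be equal-length whole 64-byte blocks")
    return prefix_a + suffix, prefix_b + suffix


def interpret(doc: bytes) -> str:
    """Hypothetical consumer of the constructed format: same MD5, different behaviour."""
    header = doc[:128]
    if header == BLOCK_A:
        return "benign"
    if header == BLOCK_B:
        return "malicious"
    return "unknown"


def second_preimage_brute_force(target_hex: str, candidates: int) -> Optional[bytes]:
    """What the thread asked Unruh for: a DIFFERENT message matching a KNOWN digest.
    The collision blocks above are useless for this; the generic route is guessing,
    which needs about 2**128 attempts. A bounded search makes the gap concrete."""
    for i in range(candidates):
        guess = i.to_bytes(16, "big")
        if md5_hex(guess) == target_hex:
            return guess
    return None


if __name__ == "__main__":
    good, evil = extend_collision(BLOCK_A, BLOCK_B, COMMON_TAIL)
    print("headers differ at byte offsets:", differing_offsets(BLOCK_A, BLOCK_B))
    print("md5(good)   =", md5_hex(good))
    print("md5(evil)   =", md5_hex(evil))
    print("same MD5    :", md5_hex(good) == md5_hex(evil))
    print("behaviour   :", interpret(good), "/", interpret(evil))
    print("same SHA-256:", sha256_hex(good) == sha256_hex(evil))
    print("second preimage of md5(good) after 100000 guesses:",
          second_preimage_brute_force(md5_hex(good), 100_000))
```

Run it and the two documents print the same MD5 but `benign` / `malicious`, while SHA-256 separates them; the brute-force search returns `None`, which is the practical meaning of Unruh's "you have to create them together".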
|
Jan Pompe wrote:
> matt_left_coast wrote:
>> Jan Pompe wrote:
>>
>>>matt_left_coast wrote:
>>>
>>>>Jan Pompe wrote:
>>>>
>>>>>matt_left_coast wrote:
>>>>>
>>>>>>Unruh wrote:
>>>>>>
>>>>>>>matt_left_coast <not@chance.org> writes:
>>>>>>>
>>>>>>>>Unruh wrote:
>>>>>>>
>>>>>>>>>>When dealing with the first case, you create the first of the two
>>>>>>>>>>files, then the file IS known. Then you would be dealing with the
>>>>>>>>>>second case.
>>>>>>>>>
>>>>>>>>>But you have to create them together. You cannot create one and
>>>>>>>>>then make another which has the same md5.
>>>>>>>
>>>>>>>>Exact process, please.
>>>>>>>
>>>>>>>Go read the papers.
>>>>>>
>>>>>>Well, I'll take that as proof you are just bullshitting, as I
>>>>>>thought.
>>>>>
>>>>>Is it proof of the same thing when you do it?
>>>>>
>>>>>You seem to do it a lot
>>>>
>>>>Where?
>>>
>>>Do you have a problem with recall?
>>>
>>>here, wish list overcoming NIS
>>
>> Eh? Where in this thread did I say anything like "Go read the papers."?
>> Nowhere.
>>
>>>here there everywhere
>>
>> I see you have made an accusation you cannot back up. If you have
>> anything REAL to back up your personal attacks, please provide examples.
>>
> You have them; go read the threads named.

I asked for EXAMPLES, but you have not provided anything verifiable; you are full of shit. Provide the message ID of where I do what you claim.

--
|
Jan Pompe wrote:
> matt_left_coast wrote:
>> Jan Pompe wrote:
>>
>>>matt_left_coast wrote:
>>>
>>>>Jan Pompe wrote:
>>>>
>>>>>matt_left_coast wrote:
>>>>>
>>>>>>Unruh wrote:
>>>>>>
>>>>>>>matt_left_coast <not@chance.org> writes:
>>>>>>>
>>>>>>>>Unruh wrote:
>>>>>>>
>>>>>>>>>>When dealing with the first case, you create the first of the two
>>>>>>>>>>files, then the file IS known. Then you would be dealing with the
>>>>>>>>>>second case.
>>>>>>>>>
>>>>>>>>>But you have to create them together. You cannot create one and
>>>>>>>>>then make another which has the same md5.
>>>>>>>
>>>>>>>>Exact process, please.
>>>>>>>
>>>>>>>Go read the papers.
>>>>>>
>>>>>>Well, I'll take that as proof you are just bullshitting, as I
>>>>>>thought.
>>>>>
>>>>>Is it proof of the same thing when you do it?
>>>>>
>>>>>You seem to do it a lot
>>>>
>>>>Where?
>>>
>>>Do you have a problem with recall?
>>>
>>>here, wish list overcoming NIS
>>
>> Eh? Where in this thread did I say anything like "Go read the papers."?
>> Nowhere.
>>
>>>here there everywhere
>>
>> I see you have made an accusation you cannot back up. If you have
>> anything REAL to back up your personal attacks, please provide examples.
>>
> You have them; go read the threads named.

Within the thread I refer back to a statement MADE IN THAT THREAD. I refer to the ORIGINAL POST OF THE THREAD. I have NEVER said "Go read the papers." where there is NO link to the "papers" within the thread. There is a big difference between referring back to something said in a conversation and referring to something that has not been mentioned, and in such a generic way as "Go read the papers." Too bad you are too stupid to understand that.

--