md5 collision
This is a discussion on md5 collision within the Linux Security forums, part of the System Security and Security Related category; What encription algorithm should i use for replacing the md5 for hasing?I understand that it was release the source ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
11-30-2005
|
|||
|
|||
md5 collision
What encription algorithm should i use for replacing the md5 for hasing?I understand that it was release the source code of the application that could make md5 collision
Best regards, julissa.leones@realcredits.com master@poweroversoftware.com http://www.poweroversoftware.com 
|
|
11-30-2005
|
|||
|
|||
|
Re: md5 collision
julissa.leones@booomail.com wrote:
> What encription algorithm should i use for replacing the md5 for > hasing?I understand that it was release the source code of the > application that could make md5 collision The best alternative at present is SHA256. If you want less than 256 bits of hash, compute SHA256 and truncate the result. Note that the ability to produce collision pairs for MD5 is *not* fatal for applications like (1) password hashing or (2) confirming that downloaded software matches the official distribution, since both these uses depend on the difficulty of finding a pre-image for a specific hash. -- Peter Pearson To get my email address, substitute: nowhere -> spamcop, invalid -> net
|
|
11-30-2005
|
|||
|
|||
|
Re: md5 collision
julissa.leones@booomail.com writes:
> What encription algorithm should i use for replacing the md5 for hasing?I understand that it was release the source code of the application that could make md5 collision A little knowledge is a dangerous thing. a) Linux does NOT password hash with MD5. It uses a horribly convoluted hash function which uses md5 amongst many other things to create the hash. b)One cannot create collisions. One can generate two files which have the same md5 hash. One cannot create a second file with the same md5 hash as a given file. c) If you want to use the hash for other purposes, the recommendation is to use sha256.
|
|
11-30-2005
|
|||
|
|||
|
Re: md5 collision
* Unruh <unruh-spam@physics.ubc.ca>
| b)One cannot create collisions. One can generate two files which | have the same md5 hash. One cannot create a second file with the | same md5 hash as a given file. Care to re-phrase? The last two sentences contradict each other in my understanding if interpreted literally. | One can generate two files which have the same md5 hash. Copy the file and it will have the same hash (of course)? | One cannot create a second file with the same md5 hash as a given | file. I just did? Or do you (obviously?) mean 'a second file with different contents than the first one'? R'
|
|
11-30-2005
|
|||
|
|||
|
Re: md5 collision
Ralf Fassel <ralfixx@gmx.de> said:
>* Unruh <unruh-spam@physics.ubc.ca> >| b)One cannot create collisions. One can generate two files which >| have the same md5 hash. One cannot create a second file with the >| same md5 hash as a given file. .... >| One cannot create a second file with the same md5 hash as a given >| file. > >I just did? Or do you (obviously?) mean 'a second file with different >contents than the first one'? Yep. So, it has been found out that it is relatively easy (or at least much easier than it should have been) to create two distinct files with the same MD5 checksum. But only if you create the second file somehow based on the first one. If you just have the md5 hash, it is still relatively hard to generate data which would produce the same hash. -- Wolf a.k.a. Juha Laiho Espoo, Finland (GC 3.0) GIT d- s+: a C++ ULSH++++$ P++@ L+++ E- W+$@ N++ !K w !O !M V PS(+) PE Y+ PGP(+) t- 5 !X R !tv b+ !DI D G e+ h---- r+++ y++++ "...cancel my subscription to the resurrection!" (Jim Morrison)
|
|
12-01-2005
|
|||
|
|||
|
Re: md5 collision
julissa.leones@booomail.com wrote:
> What encription algorithm should i use for replacing the md5 for > hasing? SHA, depending on the security needed, SHA1 may be fine if not SHA256 source code and test vectors are readily availble. -- Pat
|
|
12-01-2005
|
|||
|
|||
|
Re: md5 collision
Ralf Fassel <ralfixx@gmx.de> writes:
>* Unruh <unruh-spam@physics.ubc.ca> >| b)One cannot create collisions. One can generate two files which >| have the same md5 hash. One cannot create a second file with the >| same md5 hash as a given file. >Care to re-phrase? The last two sentences contradict each other in my >understanding if interpreted literally. No they do not. In the first case, you can create two files which have the same md5. In the second you are given a file and you have to find another one with the same md5. In the first case neither of the two files is known beforehand. In the second one is. Now, it is not as inoccuous as it sounds. Since you can also take two given files and all stuff to the end of them such that the two ammended files have the same md5. thus one could say "I agree to pay you $10 $ and the other "I agree to pay you $1000" afterwards, the two read "I agree to pay you $10 ^&^^%KJSH*(*" and the other reads "I agree to pay you $1000 NLK<>&*(^&)(*P><M OI " and that junk could be hidden in the huge amount to junk that Word for example stores in the file. >| One can generate two files which have the same md5 hash. >Copy the file and it will have the same hash (of course)? >| One cannot create a second file with the same md5 hash as a given >| file. >I just did? Or do you (obviously?) mean 'a second file with different >contents than the first one'? >R'
|
|
12-01-2005
|
|||
|
|||
|
Re: md5 collision
Pat Farrell <pfarrell@nospam.com> writes:
>julissa.leones@booomail.com wrote: >> What encription algorithm should i use for replacing the md5 for >> hasing? >SHA, depending on the security needed, SHA1 may be fine >if not SHA256 >source code and test vectors are readily availble. Because sha1 is closely based on MD5 it is no longer trusted. sha256 is recommended. Despite similar names, the algorithm is very different as I understand.
|
|
12-01-2005
|
|||
|
|||
|
Re: md5 collision
Unruh wrote:
> In the first case neither of the two files is known > beforehand. In the second one is. When dealing with the first case, you create the first of the two files, then the file IS known. Then you would be dealing with the second case. Unless you create both files at the same time, there is no way the first case can happen. You will always have a known file after the creation of the first file and only the second case would be applicable after the creation of the first file.
|
|
12-01-2005
|
|||
|
|||
|
Re: md5 collision
matt_left_coast <not@chance.org> writes:
>Unruh wrote: >> In the first case neither of the two files is known >> beforehand. In the second one is. >When dealing with the first case, you create the first of the two files, >then the file IS known. Then you would be dealing with the second case. But you have to create them together. You cannot create one and then make another which has the same md5. >Unless you create both files at the same time, there is no way the first YOu have to create them at the same time for the break to work. Ie, the break uses both files in creating the break. >case can happen. You will always have a known file after the creation of >the first file and only the second case would be applicable after the >creation of the first file. No. You must create both at the same time. Eg, lets say you take the MD5 of the first file and place that byte at the end of the second, then take the md5 of the second (including the added byte) and place one byte of that at the end of the first file, etc for 100 steps. (This is NOT how it is done but it illustrates how you can have to create both files at the same time.)
|
 |
«
Previous Thread
|
Next Thread
»
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
All times are GMT +1. The time now is 05:02 AM.
