Virus.Org IT Security News and Information Portal. We offer the latest IT security news, updates, product reviews, books, and articles for all you IT security professionals out there. Enter and get the best IT security information on the Internet.

 
. Welcome to the Virus.Org Mailing List Archive  
.
.


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


Re: The Pointlessness of the MD5 "attacks"
.

  • To: Ben Laurie <[EMAIL PROTECTED]>
  • Subject: Re: The Pointlessness of the MD5 "attacks"
  • From: Adam Back <[EMAIL PROTECTED]>
  • Date: Tue, 14 Dec 2004 18:09:39 -0500
  • Cc: Ondrej Mikle <[EMAIL PROTECTED]>, Cryptography <[EMAIL PROTECTED]>, Adam Back <[EMAIL PROTECTED]>
  • In-reply-to: <[EMAIL PROTECTED]>
  • References: <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
  • Sender: [EMAIL PROTECTED]
.
 
I thought the usual attack posited when one can find a collision on a
source checksum is to make the desired change to source, then tinker
with something less obvious and more malleable like lsbits of a UI
image file until you find your collision on two input source packages.

Adam

On Tue, Dec 14, 2004 at 10:17:28PM +0000, Ben Laurie wrote:
> >>But the only way I can see to exploit this would be to have code that
> >>did different things based on the contents of some bitmap. My contention
> >>is that if the code is open, then it will be obvious that it does
> >>"something bad" if a bit is tweaked, and so will be suspicious, even if
> >>the "something bad" is not triggered in the version seen.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
 
.
.
 
Copyright (c) Virus.Org 1997-2006.
All Trademarks Acknowledged.
Please view our Terms and Conditions and our Privacy Policy.