Virus.Org IT Security News and Information Portal. We offer the latest IT security news, updates, product reviews, books, and articles for all you IT security professionals out there. Enter and get the best IT security information on the Internet.

 
. Welcome to the Virus.Org Mailing List Archive  
.
.


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


Re: The Pointlessness of the MD5 "attacks"
.

  • To: Adam Back <[EMAIL PROTECTED]>
  • Subject: Re: The Pointlessness of the MD5 "attacks"
  • From: Ben Laurie <[EMAIL PROTECTED]>
  • Date: Tue, 14 Dec 2004 23:21:13 +0000
  • Cc: Ondrej Mikle <[EMAIL PROTECTED]>, Cryptography <[EMAIL PROTECTED]>
  • In-reply-to: <[EMAIL PROTECTED]>
  • References: <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
  • Sender: [EMAIL PROTECTED]
.
 
Adam Back wrote:

I thought the usual attack posited when one can find a collision on a
source checksum is to make the desired change to source, then tinker
with something less obvious and more malleable like lsbits of a UI
image file until you find your collision on two input source packages.
Quite so, but the "desired change to source" is either not visible, or suspicious. If it's not visible, then just make it malicious. And if it's suspicious then it shouldn't be run. 

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
 
.
.
 
Copyright (c) Virus.Org 1997-2006.
All Trademarks Acknowledged.
Please view our Terms and Conditions and our Privacy Policy.