LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 11-15-2005, 10:06 PM   #1
primo
Member
 
Registered: Jun 2005
Posts: 542

Rep: Reputation: 34
MD5 Collision Source Code Released


It's no joke:
http://it.slashdot.org/it/05/11/15/2...tid=93&tid=228

http://www.stachliu.com.nyud.net:8090/md5coll.c
http://www.stachliu.com.nyud.net:8090/md4coll.c
 
Old 11-20-2005, 11:53 PM   #2
tkedwards
Senior Member
 
Registered: Aug 2004
Location: Munich, Germany
Distribution: Opensuse 11.2
Posts: 1,549

Rep: Reputation: 51
According to what I've read it doesn't, in practice, make it any easier or faster to reverse (ie. crack) password hashes such as are used in Linux's /etc/shadow. Still it'd be good to see distros getting away from it as a default ASAP and moving to something like SHA-256.
 
Old 11-21-2005, 01:22 AM   #3
cs-cam
Senior Member
 
Registered: May 2004
Location: Australia
Distribution: Gentoo
Posts: 3,544
Blog Entries: 4

Rep: Reputation: 56
Quote:
According to what I've read it doesn't, in practice, make it any easier or faster to reverse (ie. crack) password hashes
You still can't reverse a hash, that remains impossible. All this does is generate a string that will generate the same hash as another string, at least that's my understanding.
 
Old 11-21-2005, 04:51 AM   #4
tkedwards
Senior Member
 
Registered: Aug 2004
Location: Munich, Germany
Distribution: Opensuse 11.2
Posts: 1,549

Rep: Reputation: 51
Its not impossible - it only takes a few days or hours with a modern computer to reverse an MD5 hash, and that was regardless of the recent collision discoveries. You'd hope with SHA-256 or something like that it'd be at least impractical to reverse it - ie. it'd take years or centuries or more.

Quote:
All this does is generate a string that will generate the same hash as another string, at least that's my understanding.
Yeah that's the impression I got as well. It's a real danger because it means that you can generate, for example, a trojaned ISO file that has the same MD5 sum as the real one.
 
Old 11-21-2005, 05:11 PM   #5
primo
Member
 
Registered: Jun 2005
Posts: 542

Original Poster
Rep: Reputation: 34
(the slashdot post has very misleading information)

What the algorithm does is not reverse a hash, not even (still) finding M2 such that H(M1) = X = H(M2), but finding both M1 and M2, the so-called birthday attack. A hash is theoretically secure if the birthday attack is approached by brute-force, but now there's an algorithm to do so.

I still don't know how much it affects shadow hashes. Salts only protects us from rainbow tables (that is, a collection of hashes of known passwords). Fortunately, recent distros have crypt-blowfish. You may configure it with /etc/login.conf. Just add / change the line to: ":passwd_format=blf:\"

Last edited by primo; 11-21-2005 at 06:49 PM.
 
Old 11-21-2005, 06:10 PM   #6
tkedwards
Senior Member
 
Registered: Aug 2004
Location: Munich, Germany
Distribution: Opensuse 11.2
Posts: 1,549

Rep: Reputation: 51
Quote:
You may configure it with /etc/login.conf. Just add / change the line to: "asswd_format=blf:\"
What distro is that on? I've just had a look on both Mandriva2006 and Centos4 and couldn't see anything like that. I think the blowfish stuff needs to be setup and some packages have it built in for it to work. Suse offers the option of blowfish passwords doesn't it?
 
Old 11-21-2005, 06:52 PM   #7
primo
Member
 
Registered: Jun 2005
Posts: 542

Original Poster
Rep: Reputation: 34
Try with PAM in /etc/pam.d/system-auth and maybe /etc/libuser.conf
 
Old 11-23-2005, 08:46 AM   #8
ddaas
Member
 
Registered: Oct 2004
Location: Romania
Distribution: Ubuntu server, FreeBsd
Posts: 453

Rep: Reputation: 30
Have you tried the C program for that published md5 weakness? Could you found out a md5 collision?
I couldnít .... and I let it working for 2 days on a P3 1Gz processor...
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Quake III Source Code released! Ryan450 Linux - Games 8 09-02-2005 12:43 AM
How to convert Assembly code to "C" source code ssg14j Programming 2 08-01-2005 12:48 PM
MD5, collision and verification program Mr-TY General 1 11-30-2004 08:59 AM
atkbd.c: Unknown key released (translated set 2, code 0x7a on isa0060/serio0). atkbd. satanic_linux Slackware 1 06-08-2004 02:11 PM
what is MD5 code? Warchief Linux - Newbie 5 07-23-2003 08:00 AM


All times are GMT -5. The time now is 01:20 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration