Md5 spoof

peter1234 · 09-23-2010, 08:39 AM

Hi All,

I been hearing about md5 spoof for some time, and did a search on it and came across this site.

http://www.win.tue.nl/hashclash/SoftIntCodeSign/

I downloaded the two files (they were identical size) and ran md5 and it was the same! Just to make sure I ran sha1, 256 also and shasums were different.

Hope this was informative.

H_TeXMeX_H · 09-23-2010, 09:27 AM

One of the links on there also points out that there exist collisions for sha1 as well.

Jeebizz · 09-23-2010, 09:30 AM

What surprises me is that the OP is surprised. There is no such thing as a 100% secure checksum/crypto system. Whats important now anyways is that the developers of said tools have already caught wind of this and are working on the fix.

GazL · 09-23-2010, 10:16 AM

Quote:

It is important to note that the hash value shared by the two different files is a result of the collision construction process. We cannot target a given hash value, and produce a (meaningful) input bit string hashing to that given value.

Though interesting from a theoretical crypto standpoint, it doesn't look to be any threat to md5sums as used for verifying a downloaded file hasn't been tampered with. They need to modify both files before they can engineer a collision. If they could achieve a collision by only modifying one of the files, then that would be a far more worrying.

Still, it was an interesting read. Thanks for posting.

MTK358 · 09-24-2010, 07:12 AM

If you have a file with 1000 bytes, and there's 8 bits in each byte, there could be 2^8000 (so much that my calculator app fails) different combinations.

And md5 sum consists of 128 bits, and has 2^128 (340282366920938463463374607431768211456) different possibilities. Not even close to the 1KB file.

Alexvader · 09-24-2010, 08:15 AM

Hi...

The MD ( message Digest ) family of Hash functions has been proved to be weak ( theoretically speaking ) to cryptanalitic attacks;

Several papers pertaining to its weakness have been published by RSA, and by Bruce Schneier himself...

The weaknesses are deemed theoretical because, despite the fact that one does not need a brute force attack to find a collision, several properties of the algorithm of hash

can be exploited to find a collision, this requires nonetheless a huge ammount of processing...

lupusarcanus · 09-24-2010, 07:14 PM

Quote:

Originally Posted by Jeebizz

What surprises me is that the OP is surprised. There is no such thing as a 100% secure checksum/crypto system. Whats important now anyways is that the developers of said tools have already caught wind of this and are working on the fix.

What surprises me is that you are surprised that the OP is surprised.

H_TeXMeX_H · 09-25-2010, 05:15 AM

Quote:

Originally Posted by leopard

What surprises me is that you are surprised that the OP is surprised.

What doesn't surprise me is what surprises you that you were surprised that the OP was surprised about being surprised about that.

lupusarcanus · 09-25-2010, 05:48 AM

Quote:

Originally Posted by H_TeXMeX_H

What doesn't surprise me is what surprises you that you were surprised that the OP was surprised about being surprised about that.

What halfheartedly surprises me is that you aren't surprised that I was surprised that I was surprised that the OP was surprised about being surprised about that.

Surprising, isn't it?

MTK358 · 09-25-2010, 06:58 AM

Quote:

Originally Posted by leopard

What surprises me is that you are surprised that the OP is surprised.

I'm surprised that you're not surprised by the OP being surprised.

Alexvader · 09-25-2010, 07:39 AM

Quote:

Originally Posted by leopard

What halfheartedly surprises me is that you aren't surprised that I was surprised that I was surprised that the OP was surprised about being surprised about that.

Surprising, isn't it?

What halfheartedly surprises me is that you aren't surprised POW( that I was surprised , N ) that the OP was surprised about being surprised about that