MD5 and SHA cracked/broken...
Paul Rubin
http
Sun Sep 12 22:46:52 EDT 2004
Kirk Job-Sluder <kirk at eyegor.jobsluder.net> writes:
> It should also be mentioned that "broken" in terms of Cryptography is a
> bit different from how we think about computer security in general.
> "Broken" in this case means that there exists a known algorithm that
> makes it easier than a brute force attack to violate one or more of the
> desired properties for a good hash algorithm. It DOES NOT mean that a
> practical exploit exists for MD5 that permits one to slip a trojan into
> downloaded files or crack a password file. There are easier ways to
> plant a trojan than to create an identical MD5 hash, or crack a password
> file than to try to break preimage resistance.
You don't need preimages to plant a trojan. If you can create mere
collisions, you can create two files, one with a trojan and one
without a trojan, that have the same md5sum. You publish the
non-trojan one, people inspect it carefully and start using it, and
download sites say that its md5sum should be so-and-so. Now you can
replace the non-trojan file with the trojan version and the md5sum
will still verify.
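
Added illustration, not part of the original post: a toy version of the scenario above, showing that whoever prepares both files only needs a collision, not a preimage, and that a checksum published from a collision-resistant hash catches the swap. The 24-bit truncated MD5 (`weak_sum`), the filler scheme and the sample contents are assumptions constructed for the demo; they stand in for any hash whose collisions are affordable.

```python
import hashlib

BITS = 24  # assumption: toy digest size, small so the search finishes instantly

def weak_sum(data: bytes) -> str:
    # Constructed stand-in for a hash with affordable collisions:
    # the first BITS bits of MD5, as hex.
    return hashlib.md5(data).hexdigest()[: BITS // 4]

def variant(body: bytes, n: int) -> bytes:
    # Same meaningful content, different filler that a reviewer would ignore.
    return body + b"\n# build-id: %d\n" % n

def colliding_pair(clean: bytes, altered: bytes,
                   stored: int = 1 << 12, tries: int = 1 << 20):
    # Birthday search: no target digest is given in advance (that would be
    # a preimage problem); the party preparing both files picks the pair.
    table = {weak_sum(variant(clean, n)): n for n in range(stored)}
    for m in range(tries):
        n = table.get(weak_sum(variant(altered, m)))
        if n is not None:
            return variant(clean, n), variant(altered, m)
    raise RuntimeError("no pair found within the search budget")

def verify(data: bytes, published: dict) -> dict:
    # What a downloader's check reports for each published digest.
    return {
        "weak": weak_sum(data) == published["weak"],
        "sha256": hashlib.sha256(data).hexdigest() == published["sha256"],
    }

# Constructed sample contents: harmless strings standing in for two releases.
CLEAN = b"print('hello')"
ALTERED = b"print('hello')  # altered release"

def demo():
    reviewed, swapped = colliding_pair(CLEAN, ALTERED)
    # Digests are published from the file that was inspected.
    published = {"weak": weak_sum(reviewed),
                 "sha256": hashlib.sha256(reviewed).hexdigest()}
    return verify(reviewed, published), verify(swapped, published)

if __name__ == "__main__":
    print(demo())
```

The search cost scales with roughly 2^(BITS/2) hash evaluations rather than 2^BITS, which is why collision resistance, not only preimage resistance, matters for published checksums.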