From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 30 Oct 1995 08:48:02 +0800
To: cypherpunks@toad.com
Subject: Re: MD5 weakness ? [was Re: Netscape Logic Bomb detailed by IETF]
Message-ID: <199510300037.QAA08347@ix5.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>>As to weaknesses, I seem to remember that someone managed to forge a
>>modification to a program used to observe networks on a Sun so that it
>>had the same MD5 checksum as the official trusted version.  But whether
>>this is real is not strictly the issue. 

There was a program that forged CRC checksums that came out a couple years back,
letting you create a Trojan Horse and modify it to match Unix "sum" checksums
by adding junk to the end.  I'd be extremely surprised if anyone did this
with MD5;
CRCs are invertable, and generally short enough to brute-force as well.
#---
#                                       Thanks;  Bill
# Bill Stewart, Freelance Information Architect, stewarts@ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---