1994-09-01 - Re: $10M breaks MD5 in 24 days

Header Data

From: “Ian Farquhar” <ianf@simple.sydney.sgi.com>
To: cypherpunks@toad.com
Message Hash: 8d7ad7c65ffcf72241b3aa96b1185d1e700ded32f77bcdbf0755dbeeb3887efc
Message ID: <9409020849.ZM1914@simple.sydney.sgi.com>
Reply To: <199408260001.TAA00715@omaha.omaha.com>
UTC Datetime: 1994-09-01 22:52:56 UTC
Raw Date: Thu, 1 Sep 94 15:52:56 PDT

Raw message

From: "Ian Farquhar" <ianf@simple.sydney.sgi.com>
Date: Thu, 1 Sep 94 15:52:56 PDT
To: cypherpunks@toad.com
Subject: Re: $10M breaks MD5 in 24 days
In-Reply-To: <199408260001.TAA00715@omaha.omaha.com>
Message-ID: <9409020849.ZM1914@simple.sydney.sgi.com>
MIME-Version: 1.0
Content-Type: text/plain


On Aug 25,  7:01pm, alex wrote:
> Subject: Re: $10M breaks MD5 in 24 days
> > One of the more interesting papers had a claim (with little detail,
> > unfortunately) that for ten million dollars you could build a machine that
> > would "break" MD5, in the sense of finding another message which would
> > hash to the same as a chosen one, in 24 days.

> This in itself wouldn't give an attacker much of anything, would it?  I
> mean, once they discovered a message which hashed to a given value, the
> new message wouldn't be in the proper format, would it?  Wouldn't it just
> be noise, instead of text in English, crypto keys, etc.?

Not necessarily.  If you're forging some packet, certificate or file, it is
often adequate to have just a couple of fields (potentially a few bits)
which contain data you want, and the rest can be garbage.  If your search
engine could fix these and play with the rest of the packet, the chances are
good (but decreasing with the more bits you use for a fixed size packet) that
you will find a packet which will have the correct signature _and_ contain the
forged data you need.  If you can play with the packet size, then your chances
of finding a match increase.

							Ian.
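
[Added example, not part of the original message.] A sketch of the trade-off described in the reply above: fixed fields stay intact, only filler bytes vary, and the match rate depends on how many free bits remain relative to the digest length. The names toy_hash, forge, success_rate and FIXED, the 12-bit truncation of MD5 (chosen so the search finishes in seconds) and the sample packets are all assumptions constructed for illustration.

```python
import hashlib

def toy_hash(data: bytes, bits: int) -> int:
    """Top `bits` bits of MD5. Truncated on purpose: a toy stand-in, not full MD5."""
    digest = int.from_bytes(hashlib.md5(data).digest(), "big")
    return digest >> (128 - bits)

def forge(target: int, fixed: bytes, free_bytes: int, bits: int):
    """Keep `fixed` untouched and vary `free_bytes` filler bytes until the
    truncated hash equals `target`.
    Returns (packet, tries), or (None, tries) when the free space is exhausted."""
    space = 256 ** free_bytes
    for tries in range(1, space + 1):
        packet = fixed + (tries - 1).to_bytes(free_bytes, "big")
        if toy_hash(packet, bits) == target:
            return packet, tries
    return None, space

# Constructed sample: the fields that must survive in the substituted packet.
FIXED = b"type=cert;subject=example;"

def success_rate(free_bytes: int, bits: int = 12, trials: int = 50) -> float:
    """Fraction of constructed 'genuine' packets for which a matching packet
    with the fixed fields exists within the available filler space."""
    hits = 0
    for i in range(trials):
        target = toy_hash(b"genuine packet %d" % i, bits)
        packet, _ = forge(target, FIXED, free_bytes, bits)
        hits += packet is not None
    return hits / trials

if __name__ == "__main__":
    # 8 free bits against a 12-bit digest: most targets have no match at all.
    print("1 filler byte :", success_rate(1))
    # 24 free bits against a 12-bit digest: a match essentially always exists.
    print("3 filler bytes:", success_rate(3))
    target = toy_hash(b"genuine packet 0", 12)
    packet, tries = forge(target, FIXED, 3, 12)
    print("match after", tries, "tries:", packet)
```

The expected number of tries is about 2^bits once the filler space is comfortably larger than the digest space, which is why the digest length, not the message format, bounds the search.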








Thread