1995-10-24 - Re: MD5 weakness ? [was Re: Netscape Logic Bomb detailed by IETF]

Header Data

From: hallam@w3.org
To: cypherpunks@toad.com
Message Hash: 3638e65dd9872d68861618c2555d649b55a504cb3086807cc831c99c087a3041
Message ID: <9510241714.AA22217@zorch.w3.org>
Reply To: <9510241442.AA12411@all.net>
UTC Datetime: 1995-10-24 17:15:03 UTC
Raw Date: Tue, 24 Oct 95 10:15:03 PDT

Raw message

From: hallam@w3.org
Date: Tue, 24 Oct 95 10:15:03 PDT
To: cypherpunks@toad.com
Subject: Re: MD5 weakness ? [was Re: Netscape Logic Bomb detailed by IETF]
In-Reply-To: <9510241442.AA12411@all.net>
Message-ID: <9510241714.AA22217@zorch.w3.org>
MIME-Version: 1.0
Content-Type: text/plain



>As to weaknesses, I seem to remember that someone managed to forge a
>modification to a program used to observe networks on a Sun so that it
>had the same MD5 checksum as the official trusted version.  But whether
>this is real is not strictly the issue. 

Ron has not mentioned such an event to me and if that were the case I would 
seriously doubt that he would not have been told about it. The only comment he 
generally makes is that he wrote MD5 because "MD4 was making me nervous".

>In the case of the trust being placed in MD5 by Netscape, the assumption
>being made (without adequate support as far as I can tell) is that an
>MD5 checksum cannot be forced, through a chosen plaintext attack, to

Netscape do not simply use the MD5 of the message, they are using (as I 
understand it) the PKCS#1 standard for makoing the signature. If not they 
probably have severe problems.

>There has been no limit given by anyone on this list to the level of
>trust they place in MD5.  Several people have posted (without
>contention) that MD5 is sufficiently trustworthy to trust billions of
>dollars in commerce to it's being able to prevent a selected plaintext
>attack as eluded to above. 

NIST and the NSA trusted MD4 sufficiently to base SHA upon it. SHA is preferable 
in many ways to MD5, it has a different approach to extending the scheduling and 
resist differential cryptanalysis. There is a problem with the compressor 
function of MD5 which I dislike. This is fairly irrelevant though since SSL 
allows other digests to be used.

	Phill

Thread

• Return to October 1995

• Return to “Adam Shostack <adam@homeport.org>”
• Return to “Aleph One <aleph1@dfw.net>”
• Return to “Andy Brown <asb@nexor.co.uk>”
• Return to “anonymous-remailer@shell.portal.com”
• Return to “fc@all.net (Dr. Frederick B. Cohen)”
• Return to “futplex@pseudonym.com (Futplex)”
• Return to “hallam@w3.org”
• Return to “Jeff Barber <jeffb@sware.com>”
• Return to “Jeff Weinstein <jsw@netscape.com>”
• Return to “Jon Mittelhauser <jonm@netscape.com>”
• Return to ““Josh M. Osborne” <stripes@va.pubnix.com>”
• Return to “Laurent Demailly <dl@hplyot.obspm.fr>”
• Return to “Mark <mark@lochard.com.au>”
• Return to “Matt Blaze <mab@crypto.com>”
• Return to “Nesta Stubbs <nesta@cynico.com>”
• Return to ““Perry E. Metzger” <perry@piermont.com>”
• Return to “Ray Cromwell <rjc@clark.net>”
• Return to “roy@cybrspc.mn.org (Roy M. Silvernail)”
• Return to “sameer <sameer@c2.org>”

• Return to “Simon Spero <ses@tipper.oit.unc.edu>”

• 1995-10-22 (Sun, 22 Oct 95 14:10:05 PDT) - Netscape Logic Bomb detailed by IETF - anonymous-remailer@shell.portal.com
  • 1995-10-23 (Mon, 23 Oct 95 06:44:11 PDT) - Re: Netscape Logic Bomb detailed by IETF - “Perry E. Metzger” <perry@piermont.com>
    • 1995-10-23 (Mon, 23 Oct 95 07:16:40 PDT) - Re: Netscape Logic Bomb detailed by IETF - fc@all.net (Dr. Frederick B. Cohen)
      • 1995-10-23 (Mon, 23 Oct 95 08:01:02 PDT) - Re: Netscape Logic Bomb detailed by IETF - “Josh M. Osborne” <stripes@va.pubnix.com>
        • 1995-10-24 (Tue, 24 Oct 95 02:32:25 PDT) - Re: Netscape Logic Bomb detailed by IETF - fc@all.net (Dr. Frederick B. Cohen)
          • 1995-10-24 (Tue, 24 Oct 95 06:50:39 PDT) - Re: Netscape Logic Bomb detailed by IETF - Aleph One <aleph1@dfw.net>
            • 1995-10-24 (Tue, 24 Oct 95 08:52:20 PDT) - Does your software? - fc@all.net (Dr. Frederick B. Cohen)
              • 1995-10-24 (Tue, 24 Oct 95 10:10:53 PDT) - Re: Does your software? - Jeff Barber <jeffb@sware.com>
                • 1995-10-24 (Tue, 24 Oct 95 10:50:17 PDT) - Re: Does your software? - fc@all.net (Dr. Frederick B. Cohen)
                  • 1995-10-25 (Wed, 25 Oct 95 06:33:11 PDT) - Re: Does your software? - Andy Brown <asb@nexor.co.uk>
                    • 1995-10-25 (Wed, 25 Oct 95 10:25:00 PDT) - Re: Does your software? - fc@all.net (Dr. Frederick B. Cohen)
                • 1995-10-24 (Tue, 24 Oct 95 16:01:55 PDT) - Re: Does your software? - Jon Mittelhauser <jonm@netscape.com>
                  • 1995-10-25 (Tue, 24 Oct 95 21:40:12 PDT) - Re: Does your software? - Simon Spero <ses@tipper.oit.unc.edu>
                    • 1995-10-25 (Wed, 25 Oct 95 03:52:48 PDT) - Re: Does your software? - fc@all.net (Dr. Frederick B. Cohen)
                • 1995-10-25 (Tue, 24 Oct 95 17:24:50 PDT) - Re: Does your software? - Jeff Weinstein <jsw@netscape.com>
                  • 1995-10-25 (Wed, 25 Oct 95 04:22:42 PDT) - Re: Does your software? - fc@all.net (Dr. Frederick B. Cohen)
                    • 1995-10-25 (Wed, 25 Oct 95 06:55:27 PDT) - Re: Does your software? - Adam Shostack <adam@homeport.org>
                      • 1995-10-25 (Wed, 25 Oct 95 07:09:01 PDT) - Re: Does your software? - fc@all.net (Dr. Frederick B. Cohen)
                      • 1995-10-25 (Wed, 25 Oct 95 09:05:14 PDT) - Re: Does your software? - Aleph One <aleph1@dfw.net>
              • 1995-10-24 (Tue, 24 Oct 95 15:39:02 PDT) - Re: Does your software? - Ray Cromwell <rjc@clark.net>
                • 1995-10-24 (Tue, 24 Oct 95 15:54:11 PDT) - Re: Does your software? - fc@all.net (Dr. Frederick B. Cohen)
        • 1995-10-24 (Tue, 24 Oct 95 07:29:09 PDT) - MD5 weakness ? [was Re: Netscape Logic Bomb detailed by IETF] - Laurent Demailly <dl@hplyot.obspm.fr>
          • 1995-10-24 (Tue, 24 Oct 95 07:46:20 PDT) - Re: MD5 weakness ? [was Re: Netscape Logic Bomb detailed by IETF] - fc@all.net (Dr. Frederick B. Cohen)
            • 1995-10-24 (Tue, 24 Oct 95 09:32:07 PDT) - Re: MD5 weakness ? [was Re: Netscape Logic Bomb detailed by IETF] - Andy Brown <asb@nexor.co.uk>
            • 1995-10-24 (Tue, 24 Oct 95 10:15:03 PDT) - Re: MD5 weakness ? [was Re: Netscape Logic Bomb detailed by IETF] - hallam@w3.org
              • 1995-10-24 (Tue, 24 Oct 95 12:02:35 PDT) - Hash collisions [was Re: MD5 weakness ? …] - Matt Blaze <mab@crypto.com>
            • 1995-10-25 (Tue, 24 Oct 95 17:16:29 PDT) - Re: MD5 weakness ? [was Re: Netscape Logic Bomb detailed by IETF] - Mark <mark@lochard.com.au>
          • 1995-10-24 (Tue, 24 Oct 95 08:54:39 PDT) - Re: MD5 weakness ? [was Re: Netscape Logic Bomb detailed by IETF] - futplex@pseudonym.com (Futplex)
            • 1995-10-24 (Tue, 24 Oct 95 13:04:15 PDT) - Re: MD5 weakness ? [was Re: Netscape Logic Bomb detailed by IETF] - fc@all.net (Dr. Frederick B. Cohen)
            • 1995-10-24 (Tue, 24 Oct 95 16:38:31 PDT) - Re: MD5 weakness ? [was Re: Netscape Logic Bomb detailed by IETF] - “Perry E. Metzger” <perry@piermont.com>
          • 1995-10-24 (Tue, 24 Oct 95 10:46:44 PDT) - Re: MD5 weakness ? [was Re: Netscape Logic Bomb detailed by IETF] - Laurent Demailly <dl@hplyot.obspm.fr>
        • 1995-10-24 (Tue, 24 Oct 95 08:27:53 PDT) - Re: Netscape Logic Bomb detailed by IETF - Jeff Weinstein <jsw@netscape.com>
          • 1995-10-24 (Tue, 24 Oct 95 09:28:18 PDT) - Re: Netscape Logic Bomb detailed by IETF - sameer <sameer@c2.org>
      • 1995-10-23 (Mon, 23 Oct 95 08:32:06 PDT) - Re: Netscape Logic Bomb detailed by IETF - “Perry E. Metzger” <perry@piermont.com>
      • 1995-10-23 (Mon, 23 Oct 95 12:13:18 PDT) - Re: Netscape Logic Bomb detailed by IETF - futplex@pseudonym.com (Futplex)
      • 1995-10-25 (Tue, 24 Oct 95 20:02:23 PDT) - Re: Netscape Logic Bomb detailed by IETF - Nesta Stubbs <nesta@cynico.com>
  • 1995-10-24 (Mon, 23 Oct 95 17:31:07 PDT) - Re: Netscape Logic Bomb detailed by IETF - roy@cybrspc.mn.org (Roy M. Silvernail)