1995-10-25 - RE: MD5 weakness ? [was Re: Netscape Log

Header Data

From: agermain@cmp.com (Germain Arthur)
To: fc@all.net (Dr. Frederick B. Cohen)
Message Hash: 427c8316b28bdf06b26621ef7b27de14695c79b43280bde061825bac917df24f
Message ID: <1995Oct25.093455.1151.341100@smtpgate.cmp.com>
Reply To: N/A
UTC Datetime: 1995-10-25 13:35:28 UTC
Raw Date: Wed, 25 Oct 95 06:35:28 PDT

Raw message

From: agermain@cmp.com (Germain Arthur)
Date: Wed, 25 Oct 95 06:35:28 PDT
To: fc@all.net (Dr. Frederick B. Cohen)
Subject: RE: MD5 weakness ? [was Re: Netscape Log
Message-ID: <1995Oct25.093455.1151.341100@smtpgate.cmp.com>
MIME-Version: 1.0
Content-Type: text/plain



I have unsubscribed from this mailing list. Please remove my name from   
your personal address lists. Thanks.

ahg3

 ----------
From:  Laurent Demailly[SMTP:dl@hplyot.obspm.fr]
Sent:  Tuesday, October 24, 1995 6:45 PM
To:  Dr. Frederick B. Cohen
Cc:  cypherpunks
Subject:  Re: MD5 weakness ? [was Re: Netscape Logic Bomb detailed by IETF]


<grrrrrrr>

Frederick B. Cohen writes:
 > >  > [...] uses an MD5 checksum which the members
 > >  > of this list seem to place unlimited trust in (incorrectly in my view,
 > >  > but that would be picking two nits with one keyboard entry).

[me]> Can you elaborate WITH FACTS on the supposed weakness of MD5 ?
                        **********
I wonder what is your definition of facts...

 > I didn't say that there were any weaknesses in MD5, all I said was:
 >  "unlimited trust ... (incorrectly in my view...)"
 >
 > The lack of adequate demonstration of strength is not the same as a
 > weakness.  It represents only a lack of adequate assurance for placing
 > more than a certain amount of trust in MD5 for the purpose it is being
 > used to accomplish.
 >
 > As to weaknesses, I seem to remember that someone managed to forge a
 > modification to a program used to observe networks on a Sun so that it
 > had the same MD5 checksum as the official trusted version.  But whether
This is absolute bullshit with a probability of (2^128-1)/2^128
 > this is real is not strictly the issue.
On the contrary real things should be the issue... not random thoughts

 > In the case of the trust being placed in MD5 by Netscape, the assumption
 > being made (without adequate support as far as I can tell) is that an
because you can't tell 1+1=2 doesn't imply people have to worry...
 > MD5 checksum cannot be forced, through a chosen plaintext attack, to
 > yield checksums of 1, 2, 3, 5, 7, 9, ...  on up to enough primes to
 > allow the known plaintext attack that gets the RSA private key used to
 > authenticate messages.  As far as I am aware (and I may not be aware of
 > everything) there is no reference work to support this assumption.  If
The fact that you obviously didn't take the time to do any
search/reading on the subject does not allow you to go on with mad
assumptions...
 > the assumption is wrong, then the whole SSL can fall to a selected
 > plaintext attack launchable (presumably) through those general purpose
 > Java applets we have heard so much about.
FYI,  ( false => false ) is a true expression... starting from false
assumption you can demonstrate *anything*
{ if 1+1!=2, lots of things "fall"}
 [me]> [btw who talked about 'unlimited' trust ?]
 > There has been no limit given by anyone on this list to the level of
 > trust they place in MD5.  Several people have posted (without
 > contention) that MD5 is sufficiently trustworthy to trust billions of
 > dollars in commerce to its being able to prevent a selected plaintext
 > attack as alluded to above.  If you think we should trust it, and you
 > don't limit your assessment of trust, what other assumption should I
 > make? If several people proclaim that trust and nobody stands up in
 > disagreement, tacit agreement is my normal (although not necessarily
 > justified) assumption.

AGAIN, the limit is 2^128 computer operations (as I quoted from the rfc
days ago), which is imo certainly NOT the weakest part of the security
chain...

Do you actually read anything people are mailing or writing ?
</grrrrrrr>

sorry again, I feel tested...

dl
 --
Laurent Demailly * http://hplyot.obspm.fr/~dl/ * Linux|PGP|Gnu|Tcl|... Freedom
Prime#1: one hundred five thousand one hundred five billion one hundred five thousand one hundred sixty-seven

cracking SEAL Team 6 counter-intelligence DES Pasqua Qaddafi class struggle






