1995-10-28 - Re: 50 attacks… [NOISE]

Header Data

From: Bill Stewart <stewarts@ix.netcom.com>
To: tomw@cthulhu.engr.sgi.com
Message Hash: 501a7703064fbac587db070775d264660f33045c30a640d1abd59c2e152da1e2
Message ID: <199510281848.LAA04943@ix7.ix.netcom.com>
Reply To: N/A
UTC Datetime: 1995-10-28 19:15:32 UTC
Raw Date: Sun, 29 Oct 1995 03:15:32 +0800

Raw message

From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 29 Oct 1995 03:15:32 +0800
To: tomw@cthulhu.engr.sgi.com
Subject: Re: 50 attacks... [NOISE]
Message-ID: <199510281848.LAA04943@ix7.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:31 AM 10/20/95 -0700, tomw@engr.sgi.com wrote:
>To date, MD5 appears to be a secure hash.  If you manage to find a way
>to reverse it, please let us all know.

There are a couple of analytically known collisions, and a birthday attack
can generate more after a mere 2**64 tries or so; for some applications, 
this can be a problem (e.g. a if a collision between real input and
random-trash input can let you get the system to do something unexpected
by handing it the random-trash input.)

Also, you can easily MD5-hash a dictionary of a billion wimpy passphrases
to let you catch people who use wimpy passphrases, and similarly hash
a dictionary of a billion reasonably-probable plaintexts for applications
that have reasonably-probable plaintexts that leave the hashes in plain view
(e.g. checksums for messages like "send $X to account Y"); this kind of
attack works for any hash, including cryptographically strong hashes,
as long as the system being attacked lets you crack it by reversing a hash
and doesn't use salt in its hashes.


>Sure we spend a lot of money, but that doesn't mean | Tom Weinstein
>we *do* anything.  --  Washington DC motto          | tomw@engr.sgi.com

But Washington not doing anything is *good* :-)
#---
#                                       Thanks;  Bill
# Bill Stewart, Freelance Information Architect, stewarts@ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---






Thread