From: Bill Stewart <stewarts@ix.netcom.com>
To: cypherpunks@toad.com
Message Hash: 88bb7b069fa8aa941f6e0a4c5fbb5a1671c01174472722cd6f7a2539ea90422c
Message ID: <199510300037.QAA08347@ix5.ix.netcom.com>
Reply To: N/A
UTC Datetime: 1995-10-30 00:48:02 UTC
Raw Date: Mon, 30 Oct 1995 08:48:02 +0800
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 30 Oct 1995 08:48:02 +0800
To: cypherpunks@toad.com
Subject: Re: MD5 weakness ? [was Re: Netscape Logic Bomb detailed by IETF]
Message-ID: <199510300037.QAA08347@ix5.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain
>>As to weaknesses, I seem to remember that someone managed to forge a
>>modification to a program used to observe networks on a Sun so that it
>>had the same MD5 checksum as the official trusted version. But whether
>>this is real is not strictly the issue.
There was a program that forged CRC checksums that came out a couple years back,
letting you create a Trojan Horse and modify it to match Unix "sum" checksums
by adding junk to the end. I'd be extremely surprised if anyone did this
with MD5;
CRCs are invertable, and generally short enough to brute-force as well.
#---
# Thanks; Bill
# Bill Stewart, Freelance Information Architect, stewarts@ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---
Return to October 1995
Return to “Bill Stewart <stewarts@ix.netcom.com>”
1995-10-30 (Mon, 30 Oct 1995 08:48:02 +0800) - Re: MD5 weakness ? [was Re: Netscape Logic Bomb detailed by IETF] - Bill Stewart <stewarts@ix.netcom.com>