1995-10-25 - RE: MD5 concerns, was Re: Netscape Logic

Header Data

From: agermain@cmp.com (Germain Arthur)
To: patrick@Verity.COM (Patrick Horgan)
Message Hash: a22f447c471b7870fbf3fd65bbe07a998abbf50f43260db61e00e41f7b2fe39d
Message ID: <1995Oct25.093009.1151.341065@smtpgate.cmp.com>
Reply To: N/A
UTC Datetime: 1995-10-25 13:29:47 UTC
Raw Date: Wed, 25 Oct 95 06:29:47 PDT

Raw message

From: agermain@cmp.com (Germain Arthur)
Date: Wed, 25 Oct 95 06:29:47 PDT
To: patrick@Verity.COM (Patrick Horgan)
Subject: RE: MD5 concerns, was Re: Netscape Logic
Message-ID: <1995Oct25.093009.1151.341065@smtpgate.cmp.com>
MIME-Version: 1.0
Content-Type: text/plain



I have unsubscribed from this mailing list. Please remove my name from   
your personal address lists. Thanks.

ahg3

 ----------
From:  Patrick Horgan[SMTP:patrick@Verity.COM]
Sent:  Tuesday, October 24, 1995 1:08 PM
To:  fc
Cc:  cypherpunks
Subject:  MD5 concerns, was Re: Netscape Logic Bomb detailed by IETF


> channel.  I think that Netscape uses an MD5 checksum which the members
> of this list seem to place unlimited trust in (incorrectly in my view,

This is the second time you've implied that an MD5 checksum might not be
as secure as we think.  Could you share your thinking on this?  I had
believed from reading the algorithm that it's not possible to predict how
a change in the input will affect the checksum.  Given a modified version
of netscape for example, how would you change some non-critical portion   
of
the code to get the same checksum that the original should have.  I   
suppose
that give n bits of non-critical space in the code, (non-critical meaning
that changing them will have no effect on the execution of the code, and
assuming that you don't want to change the length of the code), that you
could try all possible combinations of those bits, or 2^n trials and
see if you get the correct MD5 checksum.  If you do, then on average   
you'd
actually only have to try 2^(n-1) trials. What if you don't?  What would
you do then?  MD5 produces a 128 bit output, and it would seem likely   
that
this would be hard.  As far as I know there are no known attacks for any
MDx algorithms in spite of Ron's worries about MD4.  It's a subject of
on-going research though, and it is only "conjectured that it is
computationally infeasible to produce two messages having the same
message digest, or to produce any messages having a given prespecified
target message digest." (RFC 1321)  So, if you have newer information,
or pointers to any papers, (other than the ben Boer and Bosselaers   
papers),
could you let me know?

Thanks,

Patrick

   _______________________________________________________________________  

  /  These opinions are mine, and not Verity's (except by coincidence;).   
 \
 |                                                       (\   
               |
 |  Patrick J. Horgan         Verity Inc.                 \\    Have   
      |
 |  patrick@verity.com        1550 Plymouth Street         \\  _ Sword   
    |
 |  Phone : (415)960-7600     Mountain View                 \\/    Will   
   |
 |  FAX   : (415)960-7750     California 94303             _/\\   
    Travel |
  \___________________________________________________________\)__________  
/







Thread