1995-10-25 - Re: MD5 weakness ? [was Re: Netscape Logic Bomb detailed by IETF]

Header Data

From: Mark <mark@lochard.com.au>
To: fc@all.net (Dr. Frederick B. Cohen)
Message Hash: abed95582ecba6edc95f2014d49199cde88fbaddcb9c2c21e4e069122661d432
Message ID: <199510242256.AA20036@junkers.lochard.com.au>
Reply To: <9510241442.AA12411@all.net>
UTC Datetime: 1995-10-25 00:16:29 UTC
Raw Date: Tue, 24 Oct 95 17:16:29 PDT

Raw message

From: Mark <mark@lochard.com.au>
Date: Tue, 24 Oct 95 17:16:29 PDT
To: fc@all.net (Dr. Frederick B. Cohen)
Subject: Re: MD5 weakness ? [was Re: Netscape Logic Bomb detailed by IETF]
In-Reply-To: <9510241442.AA12411@all.net>
Message-ID: <199510242256.AA20036@junkers.lochard.com.au>
MIME-Version: 1.0
Content-Type: text


>As to weaknesses, I seem to remember that someone managed to forge a
>modification to a program used to observe networks on a Sun so that it
>had the same MD5 checksum as the official trusted version.  But whether
>this is real is not strictly the issue. 

From memory that particular attack had more to do with altered operating
systems which reported back the correct information than anything to do with
a md5 hole. It is much easier to tell a program to say "abcdef" than it is
to come up with a series of bits that hash to the same md5 result as another
series of bits.

Keep trying Fred... you may get somewhere one day.

Mark
mark@lochard.com.au

Thread

• Return to October 1995

• Return to “Adam Shostack <adam@homeport.org>”
• Return to “Aleph One <aleph1@dfw.net>”
• Return to “Andy Brown <asb@nexor.co.uk>”
• Return to “anonymous-remailer@shell.portal.com”
• Return to “fc@all.net (Dr. Frederick B. Cohen)”
• Return to “futplex@pseudonym.com (Futplex)”
• Return to “hallam@w3.org”
• Return to “Jeff Barber <jeffb@sware.com>”
• Return to “Jeff Weinstein <jsw@netscape.com>”
• Return to “Jon Mittelhauser <jonm@netscape.com>”
• Return to ““Josh M. Osborne” <stripes@va.pubnix.com>”
• Return to “Laurent Demailly <dl@hplyot.obspm.fr>”
• Return to “Mark <mark@lochard.com.au>”
• Return to “Matt Blaze <mab@crypto.com>”
• Return to “Nesta Stubbs <nesta@cynico.com>”
• Return to ““Perry E. Metzger” <perry@piermont.com>”
• Return to “Ray Cromwell <rjc@clark.net>”
• Return to “roy@cybrspc.mn.org (Roy M. Silvernail)”
• Return to “sameer <sameer@c2.org>”

• Return to “Simon Spero <ses@tipper.oit.unc.edu>”

• 1995-10-22 (Sun, 22 Oct 95 14:10:05 PDT) - Netscape Logic Bomb detailed by IETF - anonymous-remailer@shell.portal.com
  • 1995-10-23 (Mon, 23 Oct 95 06:44:11 PDT) - Re: Netscape Logic Bomb detailed by IETF - “Perry E. Metzger” <perry@piermont.com>
    • 1995-10-23 (Mon, 23 Oct 95 07:16:40 PDT) - Re: Netscape Logic Bomb detailed by IETF - fc@all.net (Dr. Frederick B. Cohen)
      • 1995-10-23 (Mon, 23 Oct 95 08:01:02 PDT) - Re: Netscape Logic Bomb detailed by IETF - “Josh M. Osborne” <stripes@va.pubnix.com>
        • 1995-10-24 (Tue, 24 Oct 95 02:32:25 PDT) - Re: Netscape Logic Bomb detailed by IETF - fc@all.net (Dr. Frederick B. Cohen)
          • 1995-10-24 (Tue, 24 Oct 95 06:50:39 PDT) - Re: Netscape Logic Bomb detailed by IETF - Aleph One <aleph1@dfw.net>
            • 1995-10-24 (Tue, 24 Oct 95 08:52:20 PDT) - Does your software? - fc@all.net (Dr. Frederick B. Cohen)
              • 1995-10-24 (Tue, 24 Oct 95 10:10:53 PDT) - Re: Does your software? - Jeff Barber <jeffb@sware.com>
                • 1995-10-24 (Tue, 24 Oct 95 10:50:17 PDT) - Re: Does your software? - fc@all.net (Dr. Frederick B. Cohen)
                  • 1995-10-25 (Wed, 25 Oct 95 06:33:11 PDT) - Re: Does your software? - Andy Brown <asb@nexor.co.uk>
                    • 1995-10-25 (Wed, 25 Oct 95 10:25:00 PDT) - Re: Does your software? - fc@all.net (Dr. Frederick B. Cohen)
                • 1995-10-24 (Tue, 24 Oct 95 16:01:55 PDT) - Re: Does your software? - Jon Mittelhauser <jonm@netscape.com>
                  • 1995-10-25 (Tue, 24 Oct 95 21:40:12 PDT) - Re: Does your software? - Simon Spero <ses@tipper.oit.unc.edu>
                    • 1995-10-25 (Wed, 25 Oct 95 03:52:48 PDT) - Re: Does your software? - fc@all.net (Dr. Frederick B. Cohen)
                • 1995-10-25 (Tue, 24 Oct 95 17:24:50 PDT) - Re: Does your software? - Jeff Weinstein <jsw@netscape.com>
                  • 1995-10-25 (Wed, 25 Oct 95 04:22:42 PDT) - Re: Does your software? - fc@all.net (Dr. Frederick B. Cohen)
                    • 1995-10-25 (Wed, 25 Oct 95 06:55:27 PDT) - Re: Does your software? - Adam Shostack <adam@homeport.org>
                      • 1995-10-25 (Wed, 25 Oct 95 07:09:01 PDT) - Re: Does your software? - fc@all.net (Dr. Frederick B. Cohen)
                      • 1995-10-25 (Wed, 25 Oct 95 09:05:14 PDT) - Re: Does your software? - Aleph One <aleph1@dfw.net>
              • 1995-10-24 (Tue, 24 Oct 95 15:39:02 PDT) - Re: Does your software? - Ray Cromwell <rjc@clark.net>
                • 1995-10-24 (Tue, 24 Oct 95 15:54:11 PDT) - Re: Does your software? - fc@all.net (Dr. Frederick B. Cohen)
        • 1995-10-24 (Tue, 24 Oct 95 07:29:09 PDT) - MD5 weakness ? [was Re: Netscape Logic Bomb detailed by IETF] - Laurent Demailly <dl@hplyot.obspm.fr>
          • 1995-10-24 (Tue, 24 Oct 95 07:46:20 PDT) - Re: MD5 weakness ? [was Re: Netscape Logic Bomb detailed by IETF] - fc@all.net (Dr. Frederick B. Cohen)
            • 1995-10-24 (Tue, 24 Oct 95 09:32:07 PDT) - Re: MD5 weakness ? [was Re: Netscape Logic Bomb detailed by IETF] - Andy Brown <asb@nexor.co.uk>
            • 1995-10-24 (Tue, 24 Oct 95 10:15:03 PDT) - Re: MD5 weakness ? [was Re: Netscape Logic Bomb detailed by IETF] - hallam@w3.org
              • 1995-10-24 (Tue, 24 Oct 95 12:02:35 PDT) - Hash collisions [was Re: MD5 weakness ? …] - Matt Blaze <mab@crypto.com>
            • 1995-10-25 (Tue, 24 Oct 95 17:16:29 PDT) - Re: MD5 weakness ? [was Re: Netscape Logic Bomb detailed by IETF] - Mark <mark@lochard.com.au>
          • 1995-10-24 (Tue, 24 Oct 95 08:54:39 PDT) - Re: MD5 weakness ? [was Re: Netscape Logic Bomb detailed by IETF] - futplex@pseudonym.com (Futplex)
            • 1995-10-24 (Tue, 24 Oct 95 13:04:15 PDT) - Re: MD5 weakness ? [was Re: Netscape Logic Bomb detailed by IETF] - fc@all.net (Dr. Frederick B. Cohen)
            • 1995-10-24 (Tue, 24 Oct 95 16:38:31 PDT) - Re: MD5 weakness ? [was Re: Netscape Logic Bomb detailed by IETF] - “Perry E. Metzger” <perry@piermont.com>
          • 1995-10-24 (Tue, 24 Oct 95 10:46:44 PDT) - Re: MD5 weakness ? [was Re: Netscape Logic Bomb detailed by IETF] - Laurent Demailly <dl@hplyot.obspm.fr>
        • 1995-10-24 (Tue, 24 Oct 95 08:27:53 PDT) - Re: Netscape Logic Bomb detailed by IETF - Jeff Weinstein <jsw@netscape.com>
          • 1995-10-24 (Tue, 24 Oct 95 09:28:18 PDT) - Re: Netscape Logic Bomb detailed by IETF - sameer <sameer@c2.org>
      • 1995-10-23 (Mon, 23 Oct 95 08:32:06 PDT) - Re: Netscape Logic Bomb detailed by IETF - “Perry E. Metzger” <perry@piermont.com>
      • 1995-10-23 (Mon, 23 Oct 95 12:13:18 PDT) - Re: Netscape Logic Bomb detailed by IETF - futplex@pseudonym.com (Futplex)
      • 1995-10-25 (Tue, 24 Oct 95 20:02:23 PDT) - Re: Netscape Logic Bomb detailed by IETF - Nesta Stubbs <nesta@cynico.com>
  • 1995-10-24 (Mon, 23 Oct 95 17:31:07 PDT) - Re: Netscape Logic Bomb detailed by IETF - roy@cybrspc.mn.org (Roy M. Silvernail)