1995-10-25 - Re: MD5 weakness ? [was Re: Netscape Logic Bomb detailed by IETF]

Header Data

From: Mark <mark@lochard.com.au>
To: fc@all.net (Dr. Frederick B. Cohen)
Message Hash: abed95582ecba6edc95f2014d49199cde88fbaddcb9c2c21e4e069122661d432
Message ID: <199510242256.AA20036@junkers.lochard.com.au>
Reply To: <9510241442.AA12411@all.net>
UTC Datetime: 1995-10-25 00:16:29 UTC
Raw Date: Tue, 24 Oct 95 17:16:29 PDT

Raw message

From: Mark <mark@lochard.com.au>
Date: Tue, 24 Oct 95 17:16:29 PDT
To: fc@all.net (Dr. Frederick B. Cohen)
Subject: Re: MD5 weakness ? [was Re: Netscape Logic Bomb detailed by IETF]
In-Reply-To: <9510241442.AA12411@all.net>
Message-ID: <199510242256.AA20036@junkers.lochard.com.au>
MIME-Version: 1.0
Content-Type: text


>As to weaknesses, I seem to remember that someone managed to forge a
>modification to a program used to observe networks on a Sun so that it
>had the same MD5 checksum as the official trusted version.  But whether
>this is real is not strictly the issue. 

From memory that particular attack had more to do with altered operating
systems which reported back the correct information than anything to do with
a md5 hole. It is much easier to tell a program to say "abcdef" than it is
to come up with a series of bits that hash to the same md5 result as another
series of bits.

Keep trying Fred... you may get somewhere one day.

Mark
mark@lochard.com.au




Thread