1995-10-24 - Re: MD5 weakness ? [was Re: Netscape Logic Bomb detailed by IETF]

Header Data

From: Steve Bryan <sbryan@maroon.tc.umn.edu> (Steve Bryan)
To: fc@all.net (Dr. Frederick B. Cohen)
Message Hash: bec4a5237d868b26f817a5fb488eab793d1742f650e5a11f3692c4466516e561
Message ID: <v02130502acb2c07e0758@[204.221.10.130]>
Reply To: N/A
UTC Datetime: 1995-10-24 20:05:51 UTC
Raw Date: Tue, 24 Oct 95 13:05:51 PDT

Raw message

From: Steve Bryan <sbryan@maroon.tc.umn.edu> (Steve Bryan)
Date: Tue, 24 Oct 95 13:05:51 PDT
To: fc@all.net (Dr. Frederick B. Cohen)
Subject: Re: MD5 weakness ? [was Re: Netscape Logic Bomb detailed by IETF]
Message-ID: <v02130502acb2c07e0758@[204.221.10.130]>
MIME-Version: 1.0
Content-Type: text/plain


Dr. Frederick B. Cohen writes:

>In the case of the trust being placed in MD5 by Netscape, the assumption
>being made (without adequate support as far as I can tell) is that an
>MD5 checksum cannot be forced, through a chosen plaintext attack, to
>yield checksums of 1, 2, 3, 5, 7, 9, ...  on up to enough primes to
>allow the known plaintext attack that gets the RSA private key used to
>authenticate messages.  As far as I am aware (and I may not be aware of
>everything) there is no reference work to support this assumption.  If
>the assumption is wrong, then the whole SSL can fall to a selected
>plaintext attack launchable (presumably) through those general purpose
>Java aplets we have heard so much about.

With a mailing list this large and diverse one can reasonably assume a range of interests and expertise. What I don't understand is your agnostic stance on something as apparently basic as MD5. If computer security is your purported area of expertise why have you not reached any firm conclusions about it? I understand that rigid conclusions are unsafe (eg they'll never prove Fermat's last theorem) but it is not like every question is equally open. Do you have a realistic attack on MD5 or is this sophomoric claptrap? How do you propose to generate messages with specific message digests? Assuming you could somehow, how do you proceed to use that information to your advantage? So let's say I have a message digest and I'm retrieving the allegedly corresponding message which you have the opportunity to alter to your heart's content. How would you proceed, even in principle, to defeat MD5? I realize I might be assuming too much when I posit that I have the true MD5 for the message but my understanding is that you feel that MD5 might be vulnerable. I've given you all the known plaintexts. Is there a next step?

+----------------------------------------------------------------------
|Steve Bryan                Internet: sbryan@gofast.net
|Sexton Software          CompuServe: 76545,527
|Minneapolis, MN                 Fax: (612) 929-1799
|PGP key fingerprint: B4 C6 E2 A6 5F 87 57 7D  E1 8C A6 9B A9 BE 96 CB
+----------------------------------------------------------------------







Thread