Report of collision-generation with MD5
Peter C. Lai
sirmoo at cowbert.net
Wed Aug 18 11:24:33 PDT 2004
On Wed, Aug 18, 2004 at 02:21:18PM -0400, Mike Tancsa wrote:
> At 01:58 PM 18/08/2004, Peter C. Lai wrote:
> >Well while collisions are cryptographically significant, they don't
> >necessarily impact any operational security of the the hash. (Since the
> >collision merely means that there are possibly two inputs which will hash
> >the same digest).
> As I have no crypto background to evaluate some of the (potentially wild
> and erroneous) claims being made in the popular press* (eg
> http://news.com.com/2100-1002_3-5313655.html see quote below), one thing
> that comes to mind is the safety of ports. If someone can pad an archive
> to come up with the same MD5 hash, this would challenge the security of the
> FreeBSD ports system no ?
Yes that is the potential worry. But if you step back from cryptography for
a minute and look at information theory, it would only matter if changes
to an archive are meaningful to the attacker. Since I am not an expert
in information theory, I can't calculate how likely it is that a significant
(meaningful content alteration) change to the archive can result in one
which causes a collision. The necessary changes that have to be made to the
archive to generate the same hash may prevent it from being untar'd or the
build to break, or something similar. It is probably still more likely that
an attacker would alter an archive and then attempt to change the reported
hash in the INDEX to that of the new hash. Then again, everything I'm saying
is pure speculation.
> * "MD5's flaws that have been identified in the past few days mean that an
> attacker can generate one hash collision in a few hours on a standard PC.
> To write a specific back door and cloak it with the same hash collision may
> be much more time intensive. "
Peter C. Lai
University of Connecticut
Dept. of Molecular and Cell Biology
Yale University School of Medicine
SenseLab | Research Assistant
More information about the freebsd-security