On Mon, 14 Oct 2002 17:04:37 EDT, Tony said: > Does anyone have a reference/link to any well known md5 vulnerabilities. > I remeber reading something about them awhile back but couldn't google > up anything. Also , are there any arguements *against* using md5? Should > persons be using sha1 instead ? As far as I know, nobody has managed to produce an actual MD5 hash collision. Unless there's a *really major* break, which would be Big News, the resources needed to exploit md5 itself are *waaay* past any that any attacker might have access to. The *BIG* vulnerability is the same as it's always been - if the attacker can replace the foobar.tar.gz file with a trojaned copy, they can replace the plaintext file that has the checksums in it too. A bigger worry is that people won't even bother checking - a little birdie told me that the recent Sendmail trojan was out there for a week mostly because *nobody bothered checking the md5sum*. Bottom line - given current state-of-the-art, even *IF* there exists somebody who can actually exploit MD5 itself, it would be much easier for them to arrange things so you were comparing the trojaned file against a trojaned checksum.... -- Valdis Kletnieks Computer Systems Senior Engineer Virginia Tech
This archive was generated by hypermail 2b30 : Tue Oct 15 2002 - 10:41:21 PDT