Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: MD5 To Be Considered Harmful Today
From: Pavel Machek <pavel () ucw cz>
Date: Wed, 8 Dec 2004 23:40:19 +0100

Hi!

:~/misc/md5$ cat msg1
I agree to sell you my horse ^Fita^, its saddle and harness for price   
14000 dollars. Signed Bara



Except you can't do this, since the appended data needs to be identical 
between the two files.  That's why I used the encrypted payload -- it 
ties the semantic meaning of the embedded commands to posession of 
vec1's series of bits, which is of course what a cipher is meant to do.

Your payloads differ but the above line is incorrect.  Your actual 
appended files:

$ cat msg1
[terminal garbage]I agree to sell you my horse ^Fita^, its saddle and 
harness for price   1 000 dollars. Signed Bara

$ cat msg2
[slightly different terminal garbage]I agree to sell you my horse 
^Fita^, its saddle and harness for price   1 000 dollars. Signed Bara

Actually, no, it is not. Try catting it on linux console. It takes
the garbage, overwrites it with ^Hs, then writes ... "its saddle and
harness for price   1", then shifts cursor right (over 4 or `,
depending on first block), then continues with "000 dollars".

My trick does *not* work in Gnome Terminal (I've just verified
it). You need actuall linux console, press ctrl-alt-F1 on most distros
to get to one... but if you tell me what terminal you use, I can
probably create terminal sequence that works there...
                                                                Pavel
-- 
People were complaining that M$ turns users into beta-testers...
...jr ghea gurz vagb qrirybcref, naq gurl frrz gb yvxr vg gung jnl!


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]