On Mon, 14 Oct 2002 17:04:37 EDT, Tony said:
> Does anyone have a reference/link to any well known md5 vulnerabilities.
> I remeber reading something about them awhile back but couldn't google
> up anything. Also , are there any arguements *against* using md5? Should
> persons be using sha1 instead ?
As far as I know, nobody has managed to produce an actual MD5 hash collision.
Unless there's a *really major* break, which would be Big News, the resources
needed to exploit md5 itself are *waaay* past any that any attacker might have
access to. The *BIG* vulnerability is the same as it's always been - if the
attacker can replace the foobar.tar.gz file with a trojaned copy, they can
replace the plaintext file that has the checksums in it too. A bigger worry
is that people won't even bother checking - a little birdie told me that the
recent Sendmail trojan was out there for a week mostly because *nobody bothered
checking the md5sum*.
Bottom line - given current state-of-the-art, even *IF* there exists somebody who
can actually exploit MD5 itself, it would be much easier for them to arrange
things so you were comparing the trojaned file against a trojaned checksum....
--
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech
- application/pgp-signature attachment: stored
Received on Oct 15 2002
Intro
