nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: MD5 is insecure

From: brent saner via NANOG <nanog () lists nanog org>
Date: Sun, 31 Aug 2025 17:03:21 -0400
On Sun, Aug 31, 2025, 16:39 Krassimir Tzvetanov via NANOG <
nanog () lists nanog org> wrote:


When we talk about SSH, complexity explodes, because you need to find an
MD5 collision that is also a "collision" with the public key (which means
both have to have the same moduly). To say it simpler, you will have to
calculate multiple MD5 collisions and test each one of them if it can
satisfy the public key.



Normally, yes. But unless I read the email incorrectly, the problem is IOS
just uses an MD5 of the key sent by the client and verdicts auth *based on
the checksum match*. If it matches, it just uses the key the client sent.

Which means if IOS does no pubkey packet length validation, you no longer
need to generate a keypair that has a pubkey that collides on MD5. You just
need a blob that collides with that hash, and will *truncate* to a key you
control. Which is much easier to collide.




_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/IUQM7XINQCAG6IW2HLKDI6RP2OSKCK6K/
Previous By Date Next
Previous By Thread Next

Current thread: