Slashdot Mirror


Practical Exploits of Broken MD5 Algorithm

jose parinas writes "A practical sample of an MD5 exploit can be found, with source code included, in codeproject, a site for .Net programmers. The intent of the demos is to demonstrate a very specific type of attack that exploits the inherent trust of an MD5 hash. It's sort of a semi-social engineering attack. At Microsoft, the MD5 hash functions are banned. The main problem is that the attack is directed at the software distribution process, as you can understand by reading the paper, Considered Harmful Someday. Some open source programs, like RPM, use MD5, and in many open source distributions MD5 is used as a checksum."

5 of 253 comments

  1. hashtrust by gcnaddict · · Score: 4, Interesting

    Now we know why people distribute modified game ISOs on the net and check it with md5 :P In all technicality, couldn't this mean that someone could land a virus on someone else's machine because the person trusted the hash?

    --
    Viable Slashdot alternatives: https://pipedot.org/ and http://soylentnews.org/
  2. Not a problem for software distribution.. by hhghghghh · · Score: 4, Interesting

    This isn't a problem for software distribution, really, since the good.bin file needs to start with a vector designed to enable a collision. A good-faith programmer wouldn't include that vector.

    It is a problem for stuff like contracts; you draw up two versions of a contract, a good one and an evil one, let someone sign the good one, and later keep them to the clauses in the evil one.

    So while there IS a very big problem, the example is a bit contrived.

  3. Re:H(x) == H(y) - H(x + q) == H(y + q) ? by Ckwop · · Score: 5, Interesting

    Is this true for other popular hash functions?


    No it is not. The newer hashes, such as Whirlpool, do not have this problem. You're correct in saying this is a "well known result" and every cryptographer worth his salt says that this fact constitutes a break of the algorithm. We've known since the middle of the nineties that breaking MD5 was within reach. The fact there has been so much inertia in getting people to change is quite incredible really.


    At Toorcon this year, Dan Kaminsky showed a way to create two different webpages that render properly in a browser but have the same MD5 hash. Anybody who thinks this attack is theoretical and ignorable is grossly mistaken.


    Simon


  4. Yadda Yadda by Effugas · · Score: 5, Interesting

    Two pages, same hashes, etc. (This is the guy who wrote the MD5 someday paper.)

    http://www.doxpara.com/t1.html
    http://www.doxpara.com/t2.html

  5. Re:Checksums are always going to be vulnerable by gowen · · Score: 4, Interesting
    It typically takes less than five minutes to break MD5 so it is horribly broken.
    But all that enables you to do is replace an MD5'd file with garbage that happens to have the same MD5 sum. It's hard to deliver a payload when you're limited to tricking a target into downloading what would be (essentially) a random string of ones and zeroes.
    --
    Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
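
The exchange in comments 2, 3 and 5 can be checked directly. The script below is an added example, not code from the thread or from the codeproject demo. It embeds the 128-byte MD5 collision pair published by Wang et al. in 2004 (the pair reproduced on the Wikipedia MD5 page; the bytes and the digest 79054025255fb1a26e4bc422aef54eb4 are reproduced here, not constructed) and shows three things: the two blocks collide under the standard IV; because MD5 is a Merkle-Damgård construction, appending any common suffix to both keeps the collision (comment 3's H(x) == H(y) implies H(x + q) == H(y + q)); and prepending anything breaks it, which is why comment 2 says the "good" file has to start with the prepared vector. The BODY string and the good/evil file layout are constructed for illustration; the point against comment 5 is that only the 128-byte header is garbage, the rest of both files can be an ordinary program that branches on which header it carries.

```python
import hashlib

# Published MD5 collision pair (Wang, Feng, Lai, Yu, 2004), reproduced verbatim.
# The two 128-byte messages differ in six bytes (offsets 19, 45, 59, 83, 109, 123)
# and both hash to 79054025255fb1a26e4bc422aef54eb4 under MD5's standard IV.
M0 = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70"
)
M1 = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70"
)

# Constructed stand-in for a program body shared by both files. Nothing about it
# is special: it can be any bytes, as long as both files carry the same body.
BODY = (
    b"\n# program body (constructed, identical in both files)\n"
    b"if header == M0:\n    run_benign()\nelse:\n    run_evil()\n"
)


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def differing_offsets(a: bytes, b: bytes) -> list:
    """Byte offsets at which two equal-length messages differ."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


def collides_after_suffix(suffix: bytes) -> bool:
    """Merkle-Damgard extension: M0 and M1 are the same length and leave MD5 in the
    same chaining state, so any common suffix is absorbed identically by both."""
    return md5_hex(M0 + suffix) == md5_hex(M1 + suffix)


def collides_after_prefix(prefix: bytes) -> bool:
    """The collision blocks were computed against MD5's fixed IV. Putting anything
    in front of them changes the chaining value they are fed into, so the
    differential path no longer holds and the digests diverge."""
    return md5_hex(prefix + M0) == md5_hex(prefix + M1)


def build_pair() -> tuple:
    """Two files: the only difference is the 128-byte header. The shared body can
    inspect its own header and behave differently, yet both files share one MD5."""
    good = M0 + BODY
    evil = M1 + BODY
    return good, evil


def behaviour(blob: bytes) -> str:
    """Constructed dispatcher modelling what the shared body would do."""
    return "benign" if blob[:128] == M0 else "evil"


if __name__ == "__main__":
    print("M0 == M1:", M0 == M1, "| same MD5:", md5_hex(M0) == md5_hex(M1))
    print("differing offsets:", differing_offsets(M0, M1))
    print("collision survives common suffix:", collides_after_suffix(b"trailer"))
    print("collision survives a prefix:", collides_after_prefix(b"x"))
    good, evil = build_pair()
    print("good:", md5_hex(good), behaviour(good))
    print("evil:", md5_hex(evil), behaviour(evil))
```

Run as-is, it prints one digest for both files and two different behaviours. The prefix check is the practical caveat: a distributor who did not plant the colliding header cannot be attacked this way with these blocks, which is exactly the distinction between the "contrived" distribution example and the contract scenario where the same party prepares both versions.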