Practical Exploits of Broken MD5 Algorithm
jose parinas writes "A practical sample of an MD5 exploit can be found, with source code included, in codeproject, a site for .NET programmers.
The intent of the demos is to demonstrate a very specific type of attack that exploits the inherent trust of an MD5 hash. It's sort of a semi-social engineering attack.
At Microsoft, the MD5 hash functions are banned.
The main problem is that the attack is directed at the software distribution process, as you can understand from reading the paper, Considered Harmful Someday. Some open source programs, like RPM, use MD5, and in many open source distributions MD5 is used as a checksum."
Unfortunately, there is no way of guaranteeing they won't be found next month.
Pardon me if I might sound redundant or ignorant, but why shouldn't MD5 be considered a free algorithm?
SHA1 creaky at the edges, which, AFAIK, is used by Git.
Perhaps SCO will get their source code into the kernel by financing SHA1 collisions?
Sam
blog.sam.liddicott.com