will lunar switch from md5sum's

Hendrik Visage hvisage at envisage.co.za
Thu Aug 19 06:46:48 GMT 2004


On Wed, Aug 18, 2004 at 08:39:13PM -0400, Dennis Veatch wrote:
> Are the lunar devs going to consider moving from md5sum to something else?
> 
> http://news.com.com/Crypto+researchers+abuzz+over+flaws/2100-1002_3-5313655.html


<quote>
 To write a specific back door and cloak it with the same hash collision may be much more time intensive.
</quote>

When you have just a bunch of pure data bits, you'll be able to generate
hash collisions for any given hash. Hashes have collisions by design and
by nature. Simply put, for a piece of data of size 2^129 bits long, there
will be at least 2^128+1 values that have hash collisions with a hash size
of 2^128 (like MD5).

Even worse, a data piece of size 2^8196 (that means a 1 kilobyte text) has
at least 2^8196 - 2^128 + 1 hash collisions.

To understand the ultimate risk, you'll have to understand the ease of
generating a valid piece of code, still the same exact length as the original,
and *that* having the same hash value. Yes, these research papers showed it
to be easier than we expected, but still they haven't shown it to be possible
with multi-megabyte compressed files to be able to exploit the system and
inject/remove valuable code.

The risk is still not so big as to worry about if it's done properly, i.e.
you do the hash on the compressed data, and not the source code, as you add
an extra layer of complexity, as the cracker needs to find a valid
gzip/bzip2 file that has a hash collision with the original, *and* that has
valid source code with a backdoor in it. Not impossible, but in my
opinion much less likely.

Hendrik
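
The message above separates two things: collisions existing at all (the pigeonhole argument) and producing a different input that matches the hash of one given original. The sketch below is an added example, not part of the original post or of Lunar's code, and shows both on MD5 truncated to 20 bits so the searches finish in seconds. The truncation, the function names and the input strings are assumptions made for illustration; full MD5 is 128 bits.

```python
import hashlib
from itertools import count

BITS = 20  # assumption: keep only 20 bits of MD5 so the search is fast


def short_md5(data: bytes, bits: int = BITS) -> int:
    """Top `bits` bits of the MD5 digest, as an integer."""
    digest = int.from_bytes(hashlib.md5(data).digest(), "big")
    return digest >> (128 - bits)


def candidates(prefix: bytes):
    """Distinct constructed inputs: prefix plus a decimal counter."""
    for i in count():
        yield prefix + str(i).encode()


def find_any_collision(bits: int = BITS):
    """Find any two distinct inputs with the same truncated hash.

    Pigeonhole: 2**bits + 1 distinct inputs cannot all map to different
    values, so the loop must return within that many hashes. In practice
    the birthday effect makes it return after roughly 2**(bits/2).
    """
    seen = {}
    for n, msg in enumerate(candidates(b"blob-"), start=1):
        h = short_md5(msg, bits)
        if h in seen:
            return seen[h], msg, n
        seen[h] = msg


def find_match_for(target: bytes, bits: int = BITS):
    """Find a different input matching the hash of one fixed target.

    No pair to choose freely here: expect on the order of 2**bits hashes.
    """
    want = short_md5(target, bits)
    for n, msg in enumerate(candidates(b"forged-"), start=1):
        if msg != target and short_md5(msg, bits) == want:
            return msg, n


if __name__ == "__main__":
    a, b, n_pair = find_any_collision()
    print(f"any colliding pair: {a!r} / {b!r} after {n_pair} hashes")
    original = b"constructed stand-in for a source tarball"
    forged, n_fixed = find_match_for(original)
    print(f"match for the fixed input: {forged!r} after {n_fixed} hashes")
```

The matching inputs found here are arbitrary byte strings; nothing in the search makes them a valid gzip/bzip2 archive or compilable source, which is the extra constraint the message refers to.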



