MD5 and SHA cracked/broken...

Sam Holden sholden at flexal.cs.usyd.edu.au
Mon Sep 13 04:58:29 CEST 2004


On 12 Sep 2004 19:46:52 -0700, Paul Rubin <> wrote:
> Kirk Job-Sluder <kirk at eyegor.jobsluder.net> writes:
>> It should also be mentioned that "broken" in terms of Cryptography is a
>> bit different from how we think about computer security in general.
>> "Broken" in this case means that there exists a known algorithm that
>> makes it easier than a brute force attack to violate one or more of the
>> desired properties for a good hash algorithm.  It DOES NOT mean that a
>> practical exploit exists for MD5 that permits one to slip a trojan into
>> downloaded files or crack a password file.  There are easier ways to
>> plant a trojan than to create an identical MD5 hash, or crack a password
>> file than to try to break preimage resistance.  
>
> You don't need preimages to plant a trojan.  If you can create mere
> collisions, you can create two files, one with a trojan and one
> without a trojan, that have the same md5sum.  You publish the
> non-trojan one, people inspect it carefully and start using it, and
> download sites say that its md5sum should be so-and-so.  Now you can
> replace the non-trojan file with the trojan version and the md5sum
> will still verify.

Creating a collision between a "useful" file which people can
examine and use and a "trojan" file which does "bad things" is
significantly more difficult than creating two files whose
MD5 sums collide but whose contents are essentially "random".

-- 
Sam Holden



More information about the Python-list mailing list