[Linuxtrent] Re: [Fwd: more MD5 colliding examples]
- From: Flavio Visentin <THe_ZiPMaN@xxxxxxxxx>
- To: linuxtrent@xxxxxxxxxxxxx
- Date: Sun, 04 Dec 2005 23:18:43 +0100
Matteo Ianeselli wrote:
> Se non capisco male, il pericolo più immediato è che qualcuno ti dia
> maliziosamente un programma o dei dati "innocui", che hanno un certa
> dimensione ed un certo md5sum, e che poi questi possano essere
> sostituiti da programmi/dati non "innocui", ma non te ne accorgeresti
> facilmente perché md5sum, dimensioni & soci non cambierebbero.
Esatto.
Ecco un esempio concreto (anche se un po' tirato) tratto da bugtraq; in
allegato trovi i messaggi originali collidenti:
-----------------------------------------------------------------------
Hi!
>> I've been doing some analysis on MD5 collision announced by Wang et al.
>> Short version: Yes, Virginia, there is no such thing as a safe hash
>> collision -- at least in a function that's specified to be
>> cryptographically secure. The full details may be acquired at the
>> following link:
Yes, nice paper, and here you have nice story:
Okay, lets have two friends and one horse. Let's say Pavel and
Bara. Bara owns a horse, and needs money, so she wants to sell
it. Horse has some problems with its back, and Bara would be willing
to sell it for around $1300. Therefore she's quite surprised when
Pavel offers her $14000, and agrees immediately.
From: Pavel
To: Bara
Hi!
I'd like to buy Fita. If you accept my offer (msg1), just sign and
send it back.
:~/misc/md5$ cat msg1
I agree to sell you my horse ^Fita^, its saddle and harness for price
14000 dollars. Signed Bara
:~/misc/md5$ md5sum msg1
57ce330a6c6ca8e9ffab4f3b36b2a1a5 msg1
:~/misc/md5$
(Bara signs msg1 and sends it back to Pavel). Two days later, Pavel
comes with a car, and $1000. Bara denies she offered Fita for $1000,
but can not find copy of the e-mail exchange. Fortunately Pavel has a
copy with him, digitaly signed by Bara. They view it on her computer,
and verify the signatures. At that point Bara agrees she probably made
a mistake, and accepts $1000...
:~/misc/md5$ cat msg2
I agree to sell you my horse ^Fita^, its saddle and harness for price
1´000 dollars. Signed Bara
:~/misc/md5$ md5sum msg2
57ce330a6c6ca8e9ffab4f3b36b2a1a5 msg2
:~/misc/md5$
(With apologies to Bara; let's hope she'll never find out).
Pavel
PS: I tried it on linux console, and it does some nasty terminal
tricks. Of course, if Bara investigated, she'd probably found out
how...
-- People were complaining that M$ turns users into beta-testers...
...jr ghea gurz vagb qrirybcref, naq gurl frrz gb yvxr vg gung jnl!
--
Flavio Visentin
| \|||/
| @/0.0\@
| \ - /
+------------------oOOo---oOOo------------------
There are only 10 types of people in this world:
those who understand binary, and those who don't.
GPG Key: http://www.zipman.it/gpgkey.asc
Other related posts: