[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian audititing tool?

On Tue, Dec 26, 2000 at 05:37:54PM +0100, Christian Kurz wrote:
> On 00-12-26 Rainer Weikusat wrote:
> > Christian Kurz <shorty@debian.org> writes:

> > ... blah blah blah ...

 Let's stop arguing about this.  Instead of flaming anyone, I'll try to
state the relevant facts, since this argument is only happening because not
all of us are aware of them.  Christian, you've pointed out that people
have produced collisions in MD5.  This is a Bad Thing for MD5, but it isn't
a real break against MD5.  It means that you can find two messages that hash
to the same value.  To do so, you _have_ to choose both messages yourself.
If one of the messages is /bin/su, you are almost certainly out of luck.
Nobody has figured out how to make another message that collides with a
given message.  It only works if they create _both_ messages.

> > | and on the other hand you modify binaries so that the md5sum will
> > | still be the same.
> >  
> > While this doesn't make any sense in the given context (see above),
> > I'd translate it to: "Man kann ein binary so verändern, daß der
> > MD5-Hash gleich bleibt."

 I don't know German, sorry, but I think we are all interpreting the
statement as: it is possible to modify e.g.  /bin/su  so that the MD5 hash
of it will be the same, without attacking the place where the known-good
hash values are stored.
> Why do you think that it doesn't make any sense?

 It makes sense, but it is a bold claim.  As I said above, nobody has
done this yet, and if they did, it would put MD5 in the same league as CRC,
a useful error-detection code, but not a cryptographically secure hash.  It
would allow attacks on a whole lot of stuff that uses MD5 as a secure hash.
As things are now, nobody has broken MD5.  It has been shown that MD5 has
weaknesses, which means it isn't as strong as it was supposed to be, and
gives hope (or fear!) that it might be breakable.  For new designs, it is
probably a good idea to use something other than MD5, but MD5 is currently
safe.  Migrating to something stronger is probably a good idea if it can be
done easily.

> > So, either reformulate that in the way you really meant it or give
> > some evidence to support it or put your head into a bathtub filled
> > with cold water and try to cool of or little.
> As I wrote in my previous mail. If you want to flame someone, search for
> a better target. EOD. 

 I think you deserved that flame.  You did claim that MD5 had been broken, but
no break of this variety has been published, by you or anyone else.
However, I think this was due to an an honest mistake on your part, 
since most people spend their time getting other stuff done, instead of
learning about crypto.

 (If I screwed up any facts in the above, somebody please correct me.  If I
didn't, then I don't think there is anything more to flame anyone about,
except me, for being so presumptuous as to try to cut off a flame war!)

#define X(x,y) x##y
Peter Cordes ;  e-mail: X(peter@llama.nslug. , ns.ca)

"The gods confound the man who first found out how to distinguish the hours!
 Confound him, too, who in this place set up a sundial, to cut and hack
 my day so wretchedly into small pieces!" -- Plautus, 200 BCE

Reply to: