
Re: SSH2 Encryption

On Thu, Jun 13, 2002 at 12:38:15PM +0200, Sergio Rodríguez de Guzmán Martínez wrote:
> peter@llama.nslug.ns.ca (2002-06-13 at 0330.28 -0300):
> > 
> >  Yes.  MD5 has had some very minor breaks.  It is easier to find
> > hash collisions than it should be.  This means that it is possible to find
> > two messages that hash to the same value.  You need to choose _both_
> > messages, so this doesn't help you e.g. make trojan binaries that have the
> > same MD5 hash as the originals.
> >
> 
> MD5 generates a hash of 128 bits so the probability of finding a
> collision is 1/(2^128). So it seems that it is not so easy to find such
> a collision.

 It is possible to do better than those odds when dealing with MD5, if you
get to choose both messages.  That's why I said MD5 has had some breaks
against it; cryptanalysis has resulted in an improvement over random
selection of message pairs for generating collisions.

> 
> Of course SHA is more secure, it generates a hash of 160 bits so the
> probability of finding a collision is lower than MD5.

 We were talking about MD5-96 and SHA1-96 message authentication codes for
the SSH protocol.  I'm assuming that MD5-96 means that 96 bits of the MD5
hash are used, not all 128.  Same goes for SHA-1.  Since the same number of
bits is used, the strength against brute force collision-generation attempts
is equal.  MD5 should be considered less secure than SHA-1 because of the
breaks found in it so far.  AFAIK, there is no way to speed up finding a
collision for a given message, but it is reasonable to assume that the
likelihood of one being found is greater than for SHA-1.

 BTW, you shouldn't say "of course".  Producing a longer hash is not all
there is to making a secure hash function.

-- 
#define X(x,y) x##y
Peter Cordes ;  e-mail: X(peter@llama.nslug. , ns.ca)

"The gods confound the man who first found out how to distinguish the hours!
 Confound him, too, who in this place set up a sundial, to cut and hack
 my day so wretchedly into small pieces!" -- Plautus, 200 BCE
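The two truncated MACs under discussion and the collision question from the quoted message, as an added example that is not part of the thread: SSH keeps the leading 96 bits of the HMAC output (RFC 4253 names these hmac-md5-96 and hmac-sha1-96; the key and message values are RFC 2202 test-case inputs), and a small birthday search on a deliberately tiny 24-bit truncation shows that colliding outputs turn up after roughly 2^(n/2) trials for an n-bit output, independent of which hash is underneath.

```python
import hashlib
import hmac

TAG_BITS = 96  # SSH "-96" MACs keep the leading 96 bits of the HMAC output


def truncated_hmac(key: bytes, msg: bytes, algo: str, tag_bits: int = TAG_BITS) -> bytes:
    """SSH-style truncated MAC: compute the full HMAC, keep the leading tag_bits.
    algo='md5' gives hmac-md5-96, algo='sha1' gives hmac-sha1-96 (RFC 4253 names)."""
    return hmac.new(key, msg, algo).digest()[: tag_bits // 8]


def verify_tag(key: bytes, msg: bytes, tag: bytes, algo: str, tag_bits: int = TAG_BITS) -> bool:
    """Constant-time comparison so a receiver does not leak which tag byte mismatched."""
    return hmac.compare_digest(truncated_hmac(key, msg, algo, tag_bits), tag)


def generic_work_factors(tag_bits: int) -> dict:
    """Brute-force cost that depends only on the tag length, not on MD5 vs SHA-1:
    guessing the tag of one fixed message takes about 2^n tries; finding any pair
    of inputs with the same truncated output (birthday bound) about 2^(n/2)."""
    return {"guess_one_tag": 2 ** tag_bits, "find_any_collision": 2 ** (tag_bits // 2)}


def truncated_digest(algo: str, msg: bytes, tag_bits: int) -> bytes:
    """Unkeyed hash truncated to tag_bits, used by the birthday experiment below."""
    return hashlib.new(algo, msg).digest()[: tag_bits // 8]


def find_collision(algo: str, tag_bits: int, max_tries: int):
    """Birthday search: hash successive counters until two distinct inputs share a
    truncated output. Returns (msg_a, msg_b, tries) or None if max_tries is hit.
    Only feasible because tag_bits is tiny here (24 bits -> ~2^12 tries expected)."""
    seen = {}
    for i in range(max_tries):
        m = i.to_bytes(4, "big")  # constructed input: the counter itself
        t = truncated_digest(algo, m, tag_bits)
        if t in seen:
            return seen[t], m, i + 1
        seen[t] = m
    return None


if __name__ == "__main__":
    # RFC 2202 test case 1 inputs: key of repeated 0x0b bytes, data "Hi There"
    print(truncated_hmac(b"\x0b" * 16, b"Hi There", "md5").hex())   # 9294727a3638bb1c13f48ef8
    print(truncated_hmac(b"\x0b" * 20, b"Hi There", "sha1").hex())  # b617318655057264e28bc0b6
    print(generic_work_factors(96))
    print(find_collision("md5", 24, 1 << 16))
```

The 24-bit search finds a colliding pair within the 2^16 budget with overwhelming probability; the same search at 96 bits would need on the order of 2^48 hash evaluations, which is the figure that matters for the brute-force comparison in the message above.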

