Re: md5 hashes used in security announcements
On Fri, Oct 24, 2008 at 03:12:20PM -0500, Raphael Geissert wrote:
> Bas Steendijk wrote:
> > 2 files with a colliding hash can only be made by someone who can
> > influence the creation of the file (thus, someone inside Debian). He can
> > make a "good" and a "bad" version of a package with the same MD5, and
> > the same size. For someone to make a file with the same hash without
> > influence in the creation of the original file would be a preimage attack.
> Yeah, but remember that the "bad" version must also be a valid .deb file with
> something inside that does work; otherwise you may just be able to get some
> random stuff with the same file size and md5 sum but without any use.
> P.S. I'm not saying it is impossible (I actually don't know, but let's assume
> that it is), but chances aren't high.
It (generating a good and a bad package with a colliding sum) is actually
easier than one might think. The reason is that you can embed any kind
of binary blob inside an executable and make the executable's behavior
dependent on the "version" of the blob.
This is shown here for example:
It was explained nicely in the "two PostScript files with identical MD5
hash" demo, but I cannot find it now.
Marcin Owsiany <email@example.com> http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216 FE67 DA2D 0ACA FC5E 3F75 D6F6 3A0D 8AA0 60F4 1216
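
The distinction drawn in the quoted text, between a collision (one party chooses both files) and a preimage (matching a file someone else created), can be measured on a toy digest. The following is an added example, not part of the thread: it truncates MD5 to 16 bits (an assumption, so both searches finish instantly) and counts the hashes each search needs; all message strings are constructed.

```python
import hashlib
from itertools import count

BITS = 16  # toy digest width (assumption); real MD5 is 128 bits


def toy_md5(data: bytes) -> int:
    """MD5 truncated to its top BITS bits so brute force is feasible."""
    return int.from_bytes(hashlib.md5(data).digest(), "big") >> (128 - BITS)


def find_collision():
    """Collision: the searcher picks BOTH messages (the insider case).

    Expected cost is about 2**(BITS/2) hashes (birthday bound).
    """
    seen = {}
    for tries in count(1):
        msg = b"pkg-candidate-%d" % tries  # constructed inputs
        digest = toy_md5(msg)
        if digest in seen:
            return seen[digest], msg, tries
        seen[digest] = msg


def find_second_preimage(original: bytes):
    """Second preimage: the original is fixed by someone else (outsider case).

    Expected cost is about 2**BITS hashes.
    """
    target = toy_md5(original)
    for tries in count(1):
        msg = b"forged-%d" % tries  # constructed inputs
        if toy_md5(msg) == target:
            return msg, tries


if __name__ == "__main__":
    a, b, n_coll = find_collision()
    forged, n_pre = find_second_preimage(b"constructed original package bytes")
    print(f"collision after {n_coll} hashes: {a!r} vs {b!r}")
    print(f"second preimage after {n_pre} hashes: {forged!r}")
    print(f"generic estimates: 2^{BITS // 2} vs 2^{BITS}")
```

Generic search on the full 128-bit digest scales the same way, about 2^64 hashes for a collision against 2^128 for a preimage, before any cryptanalytic shortcut against MD5 itself.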