
Re: Warning Linux Mint Website Hacked and ISOs replaced with Backdoored Operating System



On quintidi 5 ventôse, year CCXXIV, Darac Marjal wrote:
> It's difficult to provide a malicious ISO with the same MD5 as another, but
> not impossible. You can just append a certain amount of junk data until the
> hashes match. Similarly, you CAN do the same with SHA-1 (hash collisions ARE
> possible, but extraordinarily hard).
> 
> However, if you have to match an existing SHA-1 hash *and* you have to keep
> the length the same *and* the file has to be coherent enough to work
> (presumably the hacker's intention was to infect a target system with this
> ISO), then your chances of success are essentially zero.

You are quite wrong about the properties of hash functions. Let me correct that.

If you have thousands of years of computing power at your disposal, you can
brute-force anything, of course.

If you know of a theoretical attack that nobody else knows, please share it
with the community.

Otherwise, what you write is not true.

For MD5, which has been known to be broken for a long time, cryptographers
know how to generate two useful files with the same MD5, as long as they can
control enough octets near the beginning. But the files have to be generated
together. And that is all.

Matching an existing MD5 ("preimage attack") is not currently possible, and
for SHA-1, nobody knows of a single collision, nobody knows two actual files
with the same SHA-1, let alone knows how to generate them. Both hashes have
weaknesses, but that only means brute-force will take thousands of years
instead of millions.

For now, both MD5 and SHA-1 effectively protect against tampered files. The
only known possible attack is with MD5 if the attacker can control both
files: a harmless one whose MD5 is certified by a third party and a harmful
one with the same MD5.

Of course, that does not mean MD5 and SHA-1 should be used nowadays. New
theoretical attacks are found, and continuing to use hashes with known
weaknesses is stupid. And of course, to avoid malicious tampering,
cryptographic signatures would be much better than plain hashes.

Regards,

-- 
  Nicolas George
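The two properties Nicolas separates (a collision, where both files are built together, versus a preimage, where an existing hash must be matched) can be checked with a short script. This is an added Python example and is not part of the thread; it embeds the publicly known identical-prefix MD5 collision pair published by Wang et al. in 2004 (two 128-byte blocks that differ in six bytes), and the function names and the `verify_download` helper are my own.

```python
import hashlib
import hmac

# Publicly known identical-prefix MD5 collision pair (Wang et al., 2004):
# two distinct 128-byte blocks with the same MD5 digest.
_BLOCK_A = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70"
)
_BLOCK_B = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70"
)


def md5_collision_pair():
    """Return the two colliding blocks (a, b)."""
    return _BLOCK_A, _BLOCK_B


def digest(algo, data):
    """Hex digest of data under the named hashlib algorithm."""
    return hashlib.new(algo, data).hexdigest()


def collides(algo, a, b):
    """True if a and b differ but hash to the same value under algo."""
    return a != b and digest(algo, a) == digest(algo, b)


def differing_offsets(a, b):
    """Byte positions where the two inputs differ."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


def collision_survives_suffix(a, b, suffix):
    """Merkle-Damgard property: once the internal state collides after the
    colliding blocks, any identical suffix appended to both keeps the MD5
    collision. This is what lets two 'useful' files share a digest when the
    attacker controls the bytes near the beginning of both."""
    return collides("md5", a + suffix, b + suffix)


def verify_download(data, expected_hex, algo="sha256"):
    """Defender-side check: compare a downloaded file against a digest that
    came from a trusted channel (e.g. a signed checksum file), not from the
    same server that served the file. Uses a constant-time comparison."""
    return hmac.compare_digest(digest(algo, data), expected_hex.lower())


if __name__ == "__main__":
    a, b = md5_collision_pair()
    print("MD5 collision:   ", collides("md5", a, b), digest("md5", a))
    print("SHA-1 collision: ", collides("sha1", a, b))
    print("SHA-256 collision:", collides("sha256", a, b))
    print("differing bytes: ", differing_offsets(a, b))
    # Constructed shared suffix standing in for the rest of a file.
    print("still collides with suffix:",
          collision_survives_suffix(a, b, b"shared trailing payload"))
    # A digest from a trusted channel for file A; file B fails under SHA-256
    # but passes under MD5, which is exactly the weakness discussed above.
    trusted = digest("sha256", a)
    print("B passes SHA-256 check:", verify_download(b, trusted))
    print("B passes MD5 check:    ", verify_download(b, digest("md5", a), "md5"))
```

Running it shows the pair colliding under MD5 and not under SHA-1 or SHA-256, and that the collision survives any common suffix; it does not show any way to match a digest chosen in advance, which is the preimage case Nicolas says nobody can do. The `verify_download` helper only proves as much as the channel that delivered the digest: a checksum file fetched from a compromised site is worth nothing, which is why a signature over the digest is the better control.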
