[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: MD5 weakness ? [was Re: Netscape Logic Bomb detailed by IETF]

>>As to weaknesses, I seem to remember that someone managed to forge a
>>modification to a program used to observe networks on a Sun so that it
>>had the same MD5 checksum as the official trusted version.  But whether
>>this is real is not strictly the issue. 

There was a program that forged CRC checksums that came out a couple years back,
letting you create a Trojan Horse and modify it to match Unix "sum" checksums
by adding junk to the end.  I'd be extremely surprised if anyone did this
with MD5;
CRCs are invertable, and generally short enough to brute-force as well.
#                                       Thanks;  Bill
# Bill Stewart, Freelance Information Architect, [email protected]
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281