[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: MD5 weakness ? [was Re: Netscape Log

I have unsubscribed from this mailing list. Please remove my name from   
your personal address lists. Thanks.


From:  Steve Bryan[SMTP:[email protected]]
Sent:  Tuesday, October 24, 1995 3:08 PM
To:  Dr. Frederick B. Cohen
Cc:  cypherpunks
Subject:  Re: MD5 weakness ? [was Re: Netscape Logic Bomb detailed by   

Dr. Frederick B. Cohen writes:

>In the case of the trust being placed in MD5 by Netscape, the assumption
>being made (without adequate support as far as I can tell) is that an
>MD5 checksum cannot be forced, through a chosen plaintext attack, to
>yield checksums of 1, 2, 3, 5, 7, 9, ...  on up to enough primes to
>allow the known plaintext attack that gets the RSA private key used to
>authenticate messages.  As far as I am aware (and I may not be aware of
>everything) there is no reference work to support this assumption.  If
>the assumption is wrong, then the whole SSL can fall to a selected
>plaintext attack launchable (presumably) through those general purpose
>Java aplets we have heard so much about.

With a mailing list this large and diverse one can reasonably assume a   
 of interests and expertise. What I don't understand is your agnostic   
 on something as apparently basic as MD5. If computer security is your
 purported area of expertise why have you not reached any firm   
 about it? I understand that rigid conclusions are unsafe (eg they'll   
 prove Fermat's last theorem) but it is not like every question is   
 open. Do you have a realistic attack on MD5 or is this sophomoric   
 How do you propose to generate messages with specific message digests?
 Assuming you could somehow, how do you proceed to use that information   
 your advantage? So let's say I have a message digest and I'm retrieving   
 allegedly corresponding message which you have the opportunity to alter   
 your heart's content. How would you proceed, even in principle, to   
 MD5? I realize I might be assuming too much when I posit that I have the
 true MD5 for the message but my understanding is that you feel that MD5
 might be vulnerable. I've given you all the known plaintexts. Is there a
 next step?

|Steve Bryan                Internet: [email protected]
|Sexton Software          CompuServe: 76545,527
|Minneapolis, MN                 Fax: (612) 929-1799
|PGP key fingerprint: B4 C6 E2 A6 5F 87 57 7D  E1 8C A6 9B A9 BE 96 CB