[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: MD5 weakness ? [was Re: Netscape Log
I have unsubscribed from this mailing list. Please remove my name from
your personal address lists. Thanks.
ahg3
----------
From: Laurent Demailly[SMTP:[email protected]]
Sent: Tuesday, October 24, 1995 6:45 PM
To: Dr. Frederick B. Cohen
Cc: cypherpunks
Subject: Re: MD5 weakness ? [was Re: Netscape Logic Bomb detailed by
IETF]
<grrrrrrr>
Frederick B. Cohen writes:
> > > [...] uses an MD5 checksum which the members
> > > of this list seem to place unlimited trust in (incorrectly in my
view,
> > > but that would be picking two nits with one keyboard entry).
[me]> Can you elaborate WITH FACTS on the supposed weakness of MD5 ?
**********
I wonder what is your definition of facts...
> I didn't say that there were any weaknesses in MD5, all I said was:
> "unlimited trust ... (incorrectly in my view...)"
>
> The lack of adequate demonstration of strength is not the same as a
> weakness. It represents only a lack of adequate assurance for placing
> more than a certain amount of trust in MD5 for the purpose it is being
> used to accomplish.
>
> As to weaknesses, I seem to remember that someone managed to forge a
> modification to a program used to observe networks on a Sun so that it
> had the same MD5 checksum as the official trusted version. But
whether
This is absolute bullshit with a probability of (2^128-1)/2^128
> this is real is not strictly the issue.
On the contrary real things should be the issue... not random thoughts
> In the case of the trust being placed in MD5 by Netscape, the
assumption
> being made (without adequate support as far as I can tell) is that an
because you can't tell 1+1=2 doesn't imply people have to worry...
> MD5 checksum cannot be forced, through a chosen plaintext attack, to
> yield checksums of 1, 2, 3, 5, 7, 9, ... on up to enough primes to
> allow the known plaintext attack that gets the RSA private key used to
> authenticate messages. As far as I am aware (and I may not be aware
of
> everything) there is no reference work to support this assumption. If
The fact that you obviously didn't take the time to do any
search/reading on the subject does not allow you to go on with mad
assumptions...
> the assumption is wrong, then the whole SSL can fall to a selected
> plaintext attack launchable (presumably) through those general purpose
> Java aplets we have heard so much about.
FYI, ( false => false ) is a true expression... starting from false
assumption you can demonstrate *anything*
{ if 1+1!=2, lots of things "fall"}
[me]> [btw who talked about 'unlimited' trust ?]
> There has been no limit given by anyone on this list to the level of
> trust they place in MD5. Several people have posted (without
> contention) that MD5 is sufficiently trustworthy to trust billions of
> dollars in commerce to it's being able to prevent a selected plaintext
> attack as eluded to above. If you think we should trust it, and you
> don't limit your assessment of trust, what other assumption should I
> make? If several people proclaim that trust and nobody stands up in
> disagreement, tacit agreement is my normal (although not necessarily
> justified) assumption.
AGAIN, the limit is 2^128 computer operations (as I quoted from the rfc
days ago), which is imo certainly NOT the weakest part of the security
chain...
Do you actually read anything people are mailing or writing ?
</grrrrrrr>
sorry again, I feel tested...
dl
--
Laurent Demailly * http://hplyot.obspm.fr/~dl/ * Linux|PGP|Gnu|Tcl|...
Freedom
Prime#1: cent cinq mille cent cinq milliards cent cinq mille cent
soixante
sept
cracking SEAL Team 6 counter-intelligence DES Pasqua Qaddafi class
struggle