Senator Diane Feinstein Wants to know about the Benefits of P2P

Gregory Hicks ghicks at cadence.com
Mon Aug 30 21:33:21 UTC 2004



> Date: Mon, 30 Aug 2004 16:39:56 -0400
> From: Mike Tancsa <mike at sentex.net>
> 
> At 04:12 PM 30/08/2004, Dan Hollis wrote:
> 
> >yep md5 made the news recently because it's been cracked:
> >
> >http://techrepublic.com.com/5100-22-5314533.html
> >http://www.rtfm.com/movabletype/archives/2004_08.html#001055
> 
> That's a misleading oversimplification.  A collision being found implies 
> something different than "it's cracked."  A weakness that was theorized 
> some time ago has been demonstrated in practice.  Finding collisions and 
> altering files in a useful way to produce a duplicate hash are different 
> things.  There are FAR bigger security concerns than this one right now IMHO.
> 
> I recall even seeing posts about people claiming this meant original data 
> being reconstructed from the checksum!  That would be truly amazing since I 
> could reconstruct a 680MB ISO from just 61d38fad42b4037970338636b5e72e5a. Wow!

Actually...  

The "collision" problem discovered means that there might be MULTIPLE 680MB 
files that give the same checksum.  

Of course, the utility of most of these files would be an exercise left to the 
'cracker' if you were looking for an OS patch but ended up with the contents of 
an encyclopedia.

Regards,
Gregory Hicks

-------------------------------------------------------------------
I am perfectly capable of learning from my mistakes.  I will surely
learn a great deal today.

"A democracy is a sheep and two wolves deciding on what to have for
lunch.  Freedom is a well armed sheep contesting the results of the
decision." - Benjamin Franklin

"The best we can hope for concerning the people at large is that they
be properly armed." --Alexander Hamilton
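
Added example, not part of the original message: the distinction the thread draws between finding some colliding pair and matching one chosen file's checksum, shown on MD5 truncated to 16 bits so both searches finish quickly. The truncation width, function names and sample inputs are assumptions made for this sketch.

```python
import hashlib
from itertools import count

BITS = 16  # toy digest width (assumption for the demo); real MD5 is 128 bits


def toy_digest(data: bytes, bits: int = BITS) -> int:
    """Top `bits` bits of the MD5 digest, as an integer."""
    full = int.from_bytes(hashlib.md5(data).digest(), "big")
    return full >> (128 - bits)


def find_collision(bits: int = BITS):
    """Birthday search: ANY two distinct inputs with the same toy digest.

    The pigeonhole principle guarantees success within 2**bits + 1 inputs;
    the birthday bound makes about 2**(bits/2) the typical cost.
    """
    seen = {}
    for tries in count(1):
        msg = b"file-%d" % tries  # constructed sample inputs
        d = toy_digest(msg, bits)
        if d in seen:
            return seen[d], msg, tries
        seen[d] = msg


def find_second_preimage(target: bytes, bits: int = BITS):
    """Search for a different input matching ONE fixed target's toy digest.

    No birthday shortcut applies: the typical cost is about 2**bits tries.
    """
    want = toy_digest(target, bits)
    for tries in count(1):
        msg = b"candidate-%d" % tries  # constructed sample inputs
        if msg != target and toy_digest(msg, bits) == want:
            return msg, tries


if __name__ == "__main__":
    a, b, n = find_collision()
    print(f"collision after {n} tries: {a!r} / {b!r}")
    target = b"os-patch.iso"  # constructed stand-in for a published file
    m, k = find_second_preimage(target)
    print(f"second preimage of {target!r} after {k} tries: {m!r}")
```

Neither search recovers the original input from its checksum; each only finds another input that maps to the same value.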




