System cracked, notes from similar incident a year ago

dsr at tao.merseine.nu
Tue May 27 07:57:44 EDT 2003


On Tue, May 27, 2003 at 01:31:10AM -0400, Derek Martin wrote:
> > md5sum --check  md5list1.txt | grep -i failed > diff.txt
> > 
> > I've tried tripwire but found the above much easier to do & understand.
> 
> Easier yes, but also far, far less reliable.  It is far from
> impossible to modify a file such that its MD5 checksum remains the
> same; after all, it's just a hash function.  It's not even that hard,
> if you understand how the hash function works.  I understand it is
> even possible, though much harder, to (usefully) modify the file such
> that neither the checksum nor the file size is modified...

Well... because there is no non-brute-force method currently known for
creating a collision in MD5, you would need to calculate about 2^64
hashes in order to have a 50% chance of finding one. The proposal for
Distributed.Net estimates this will take about 2 years.

So, yes, one might think that MD5 is possibly vulnerable, but not to the
sort of attack that a random script-kiddy will be able to carry out.

(More worrying though, would be to mount an attack on a binary that has
come from the source distribution, and thus can be expected to be the
same on many machines. Getting a useful "MD5-twin" of, say, gcc as
distributed by Red Hat, would be nasty.

Of course, the fix would be either to compile it yourself, or to get a
different version of the binary...)

If you don't trust MD5, then SHA-1 has not yet exposed any
vulnerabilities except brute force, and SHA-256, SHA-384, and SHA-512
have been proposed to counter exactly that argument.

-dsr-

-- 
Network engineer / pre-sales engineer available in the Boston area.
http://tao.merseine.nu/~dsr
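As an added illustration of the hash-list approach discussed in this thread (example code, not from the original post or from any of its authors), the following script builds a manifest of file digests and re-checks it in the style of `md5sum --check | grep FAILED`, defaulting to SHA-256 as suggested above. The directory layout, file names and contents in `demo()` are constructed for the example.

```python
import hashlib
import os
import tempfile


def file_digest(path, algo="sha256"):
    """Hash a file in 64 KiB chunks so large binaries need not fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root, algo="sha256"):
    """Map each file under root (relative path) to its digest, like a saved md5sum list."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in sorted(files):
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = file_digest(full, algo)
    return manifest


def check_manifest(root, manifest, algo="sha256"):
    """Recompute every digest; report OK, FAILED (content changed) or MISSING (file gone)."""
    report = {}
    for rel, expected in manifest.items():
        full = os.path.join(root, rel)
        if not os.path.exists(full):
            report[rel] = "MISSING"
        elif file_digest(full, algo) != expected:
            report[rel] = "FAILED"
        else:
            report[rel] = "OK"
    return report


def demo():
    """Constructed scenario: snapshot three files, then alter one and delete another."""
    with tempfile.TemporaryDirectory() as root:
        for rel, body in [("bin/ls", b"ELF..ls"), ("bin/ps", b"ELF..ps"), ("etc/passwd", b"root:x:0:0\n")]:
            os.makedirs(os.path.join(root, os.path.dirname(rel)), exist_ok=True)
            with open(os.path.join(root, rel), "wb") as f:
                f.write(body)
        manifest = build_manifest(root)
        # Same-length replacement: a size check alone would not notice this change.
        with open(os.path.join(root, "bin/ps"), "wb") as f:
            f.write(b"ELF..PS")
        os.remove(os.path.join(root, "etc/passwd"))
        return check_manifest(root, manifest)
```

Running `demo()` returns one status per manifest entry; in practice the manifest itself must be kept where an intruder on the checked host cannot rewrite it.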
