|
|
Posted by Jason Barnett on 06/13/05 16:41
Richard Lynch wrote:
> On Fri, June 10, 2005 3:01 pm, Jason Barnett said:
>
>>That is incredibly interesting stuff, many thanks for that link! So the
>>position seems to be that it may not be feasible to reverse MD5, but it
>>is now feasible to create forged documents / binaries / whatever that
>>result in exactly the same MD5 hash as the original.
>
>
> No.
>
Richard, did you actually go to the site that Greg showed and look at
the example? Two very different (as in content) postscript documents...
same MD5 hash.
>
>>I actually tried it out for myself... and indeed the two different
>>documents produced the exact same MD5 sum.
>
>
> That's a one in a billion chance...
>
> So, if your binary file HAPPENS to match that meaningless string, you
> could use that OTHER meaningless string instead...
>
Again I say... did you look at the other "meaningless" string in the
example? I don't pretend to understand how the authors made it work,
but it wasn't just some "meaningless" string that they got to match.
> I'll bet neither of the two strings has any real-world "meaning"
>
> They just happen to be the two strings that are "easy" to find that have
> the same MD5.
>
> This has absolutely NO meaning in real-world uses of MD5.
>
> You'd have heard a LOT more screaming and wailing and gnashing of teeth if
> this mattered. :-)
>
Unless of course most people dismiss it the same way that you seem to be
dismissing it. ;)
--
NEW? | http://www.catb.org/~esr/faqs/smart-questions.html
STFA | http://marc.theaimsgroup.com/?l=php-general&w=2
STFM | http://php.net/manual/en/index.php
STFW | http://www.google.com/search?q=php
Navigation:
[Reply to this message]
|