MD5 To Be Considered Harmful Someday
- Type
- Audio
- Tags
- cryptography
- Authors
- Dan Kaminsky
- Event
- Chaos Communication Congress 21th (21C3) 2004
- Indexed on
- Mar 27, 2013
- URL
- http://ftp.ccc.de/congress/21c3/audio/308%20MD5%20To%20Be%20Considered%20Harmful%20Someday.mp3
- File name
- 308%20MD5%20To%20Be%20Considered%20Harmful%20Someday.mp3
- File size
- 23.1 MB
- MD5
- dbc7c69af3c9973a58b8c7dcd90de37d
- SHA1
- 319a60dde7b9ad404b1737383b24ef0be90a8daf
Joux and Wang’s multicollision attack has yielded collisions for several one-way hash algorithms. Of these, MD5 is the most problematic due to its heavy deployment, but there exists a perception that the flaws identified have no applied implications. We show that the appendability of Merkle-Damgard allows us to add any payload to the proof-of-concept hashes released by Wang et al. We then demonstrate a tool, Stripwire, that uses this capability to create two files – one which executes an arbitrary sequence of commands, the other which hides those commands with the strength of AES – both with the same MD5 hash. We show how this affects file-oriented system auditors such as Tripwire, but point out that the failure is nowhere near as catastrophic as it appears at first glance. We examine how this failure affects HMAC and Digital Signatures within Digital Rights Management (DRM) systems, and how the full attack expands into an unusual pseudosteganographic strikeback methodology against peer to peer networks.
About us
Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.
Statistics
Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.
Contribute
To support this site and keep it alive, you can click on the buttons below. Any help is really appreciated! This service is provided for free, but real money is needed to pay bills.
