Dr. Frederick B. Cohen writes:
In the case of the trust being placed in MD5 by Netscape, the assumption being made (without adequate support as far as I can tell) is that an MD5 checksum cannot be forced, through a chosen plaintext attack, to yield checksums of 1, 2, 3, 5, 7, 9, ... on up to enough primes to allow the known plaintext attack that gets the RSA private key used to authenticate messages. As far as I am aware (and I may not be aware of everything) there is no reference work to support this assumption. If the assumption is wrong, then the whole SSL can fall to a selected plaintext attack launchable (presumably) through those general purpose Java aplets we have heard so much about.
With a mailing list this large and diverse one can reasonably assume a range of interests and expertise. What I don't understand is your agnostic stance on something as apparently basic as MD5. If computer security is your purported area of expertise why have you not reached any firm conclusions about it? I understand that rigid conclusions are unsafe (eg they'll never prove Fermat's last theorem) but it is not like every question is equally open. Do you have a realistic attack on MD5 or is this sophomoric claptrap? How do you propose to generate messages with specific message digests? Assuming you could somehow, how do you proceed to use that information to your advantage? So let's say I have a message digest and I'm retrieving the allegedly corresponding message which you have the opportunity to alter to your heart's content. How would you proceed, even in principle, to defeat MD5? I realize I might be assuming too much when I posit that I have the true MD5 for the message but my understanding is that you feel that MD5 might be vulnerable. I've given you all the known plaintexts. Is there a next step? +---------------------------------------------------------------------- |Steve Bryan Internet: sbryan@gofast.net |Sexton Software CompuServe: 76545,527 |Minneapolis, MN Fax: (612) 929-1799 |PGP key fingerprint: B4 C6 E2 A6 5F 87 57 7D E1 8C A6 9B A9 BE 96 CB +----------------------------------------------------------------------