On Aug 25, 7:01pm, alex wrote:
Subject: Re: $10M breaks MD5 in 24 days
One of the more interesting papers had a claim (with little detail, unfortunately) that for ten million dollars you could build a machine that would "break" MD5, in the sense of finding another message which would hash to the same as a chosen one, in 24 days.
This in itself wouldn't give an attacker much of anything, would it? I mean, once they discovered a message which hashed to a given value, the new message wouldn't be in the proper format, would it? Wouldn't it just be noise, instead of text in English, crypto keys, etc.?
Not necessarily. If you're forging some packet, certificate or file, it is often adequate to have just a couple of fields (potentially a few bits) which contain data you want, and the rest can be garbage. If your search engine could fix these and play with the rest of the packet, the chances are good (but decreasing as you fix more bits of a fixed-size packet) that you will find a packet which will have the correct signature _and_ contain the forged data you need. If you can play with the packet size, then your chances of finding a match increase.
Ian.
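An added illustration of Ian's point, not part of the thread: a toy second-preimage search against MD5 truncated to 16 bits, with a forged field pinned at the front of the packet and the filler bytes varied, plus the probability formula for how the odds fall as more bits of a fixed-size packet are pinned. The 16-bit truncation, the packet layout and the sample field values are constructed assumptions for the demonstration.

```python
import hashlib
import math

# Toy parameter (constructed for this example): keep only the first TRUNC_BITS of
# MD5 so the search finishes in well under a second. The thread's attack targets
# all 128 bits, where the same search costs about 2^128 trials per second preimage.
TRUNC_BITS = 16

def trunc_hash(msg: bytes, bits: int = TRUNC_BITS) -> int:
    """First `bits` bits of MD5(msg), as an integer."""
    digest = int.from_bytes(hashlib.md5(msg).digest(), "big")
    return digest >> (128 - bits)

def second_preimage(target: bytes, forged_field: bytes, filler_len: int,
                    max_tries: int = 1 << 22):
    """Search for a packet whose truncated hash equals that of `target`, with
    `forged_field` pinned at the front and `filler_len` bytes free to vary
    (a deterministic counter stands in for Ian's 'play with the rest').
    Returns (packet, tries) or (None, tries) if the budget runs out."""
    want = trunc_hash(target)
    for tries in range(1, max_tries + 1):
        filler = tries.to_bytes(filler_len, "big")
        candidate = forged_field + filler
        if candidate != target and trunc_hash(candidate) == want:
            return candidate, tries
    return None, max_tries

def success_probability(hash_bits: int, packet_bits: int, fixed_bits: int) -> float:
    """Chance that *some* packet of `packet_bits` with `fixed_bits` pinned hashes
    to a given n-bit value, modelling the hash as random: each of the 2^(L-k) free
    packets matches with probability 2^-n, so
        P = 1 - (1 - 2^-n)^(2^(L-k)) ~= 1 - exp(-2^(L-k-n)).
    Pinning more bits (larger k) shrinks L-k and hence P, as Ian says."""
    if packet_bits < fixed_bits:
        return 0.0
    exponent = (packet_bits - fixed_bits) - hash_bits
    if exponent > 64:            # exp(-2^64) is 0 in double precision
        return 1.0
    return -math.expm1(-(2.0 ** exponent))   # 1 - exp(-x) without cancellation

if __name__ == "__main__":
    # Constructed sample: a 4-byte "amount" field the forger wants, 4 free bytes.
    original = b"\x00\x00\x00\x0aPAYL"   # hypothetical legitimate 8-byte packet
    packet, tries = second_preimage(original, b"\x00\x0f\x42\x40", filler_len=4)
    print(f"found after {tries} tries: {packet!r}")
    for k in (32, 56, 64):
        print(f"fixed {k} of 64 bits vs 16-bit hash: P={success_probability(16, 64, k):.5f}")
```

Against the full 128-bit MD5 the same search would need on the order of 2^128 trials, which is why the thread's $10M/24-day claim is about raw search throughput rather than any trick with packet formatting.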