<grrrrrrr>
Frederick B. Cohen writes:

> [...] uses an MD5 checksum which the members of this list seem to place unlimited trust in (incorrectly in my view, but that would be picking two nits with one keyboard entry).
>
> [me]> Can you elaborate WITH FACTS on the supposed weakness of MD5 ?

********** I wonder what is your definition of facts...

> I didn't say that there were any weaknesses in MD5, all I said was: "unlimited trust ... (incorrectly in my view...)"
>
> The lack of adequate demonstration of strength is not the same as a weakness. It represents only a lack of adequate assurance for placing more than a certain amount of trust in MD5 for the purpose it is being used to accomplish.
>
> As to weaknesses, I seem to remember that someone managed to forge a modification to a program used to observe networks on a Sun so that it had the same MD5 checksum as the official trusted version. But whether

This is absolute bullshit with a probability of (2^128-1)/2^128

> this is real is not strictly the issue.

On the contrary, real things should be the issue... not random thoughts

> In the case of the trust being placed in MD5 by Netscape, the assumption being made (without adequate support as far as I can tell) is that an

because you can't tell 1+1=2 doesn't imply people have to worry...

> MD5 checksum cannot be forced, through a chosen plaintext attack, to yield checksums of 1, 2, 3, 5, 7, 9, ... on up to enough primes to allow the known plaintext attack that gets the RSA private key used to authenticate messages. As far as I am aware (and I may not be aware of everything) there is no reference work to support this assumption. If

The fact that you obviously didn't take the time to do any search/reading on the subject does not allow you to go on with mad assumptions...

> the assumption is wrong, then the whole SSL can fall to a selected plaintext attack launchable (presumably) through those general purpose Java applets we have heard so much about.

FYI, ( false => false ) is a true expression... starting from a false assumption you can demonstrate *anything* { if 1+1!=2, lots of things "fall"}

> [me]> [btw who talked about 'unlimited' trust ?]
>
> There has been no limit given by anyone on this list to the level of trust they place in MD5. Several people have posted (without contention) that MD5 is sufficiently trustworthy to trust billions of dollars in commerce to its being able to prevent a selected plaintext attack as alluded to above. If you think we should trust it, and you don't limit your assessment of trust, what other assumption should I make? If several people proclaim that trust and nobody stands up in disagreement, tacit agreement is my normal (although not necessarily justified) assumption.

AGAIN, the limit is 2^128 computer operations (as I quoted from the RFC days ago), which is imo certainly NOT the weakest part of the security chain... Do you actually read anything people are mailing or writing ?
</grrrrrrr>

sorry again, I feel tested...

dl
--
Laurent Demailly * http://hplyot.obspm.fr/~dl/ * Linux|PGP|Gnu|Tcl|... Freedom Prime#1: one hundred five thousand one hundred five billion one hundred five thousand one hundred sixty-seven
cracking SEAL Team 6 counter-intelligence DES Pasqua Qaddafi class struggle
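An added illustration of the 2^128 figure argued over in this exchange (my example, not code from either poster or from the list). It measures, for a constructed message prefix, how many MD5 evaluations it takes to match k chosen bits of a target digest for small k, so the doubling per bit that extrapolates to the 2^128 preimage bound can be seen directly. The 2^128 (given-digest) and 2^64 (any collision) figures are the ones RFC 1321 states; the prefix and the attacker budget fed to attacker_bits are constructed sample values.

```python
import hashlib
import math

DIGEST_BITS = 128  # MD5 output length


def md5_digest(message: bytes) -> bytes:
    """MD5 of a message. usedforsecurity=False marks this as a demonstration,
    which also keeps it working on FIPS-restricted Python builds."""
    return hashlib.md5(message, usedforsecurity=False).digest()


def leading_zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a 16-byte digest."""
    value = int.from_bytes(digest, "big")
    return DIGEST_BITS - value.bit_length()


def find_partial_preimage(prefix: bytes, k: int) -> tuple[int, bytes]:
    """Brute-force the smallest counter n such that MD5(prefix || n) has at least
    k leading zero bits, i.e. matches k chosen bits of a fixed target digest.
    Returns (trials, digest). Expected trials are about 2**k."""
    n = 0
    while True:
        digest = md5_digest(prefix + n.to_bytes(8, "big"))
        if leading_zero_bits(digest) >= k:
            return n + 1, digest
        n += 1


def measure_cost_curve(prefix: bytes, ks=(4, 8, 12, 16)) -> list[dict]:
    """Measured trials beside the expected 2**k for several small k. Each extra
    bit of the target roughly doubles the work; 128 bits is the 2**128 figure."""
    rows = []
    for k in ks:
        trials, digest = find_partial_preimage(prefix, k)
        rows.append({"k": k, "trials": trials, "expected": 2 ** k,
                     "digest": digest.hex()})
    return rows


def expected_preimage_work(bits: int = DIGEST_BITS) -> int:
    """RFC 1321's figure for finding a message with a given digest: ~2**128."""
    return 2 ** bits


def expected_collision_work(bits: int = DIGEST_BITS) -> int:
    """RFC 1321's figure for finding any two colliding messages: ~2**64,
    the birthday bound, half the exponent of the preimage figure."""
    return 2 ** (bits // 2)


def attacker_bits(hashes_per_second: float, seconds: float) -> float:
    """log2 of the number of MD5 evaluations an attacker with the given budget
    can perform, to compare against 128 (preimage) and 64 (collision)."""
    return math.log2(hashes_per_second * seconds)


if __name__ == "__main__":
    # Constructed sample prefix; any bytes would do.
    for row in measure_cost_curve(b"constructed sample message "):
        print(f"k={row['k']:2d} trials={row['trials']:7d} "
              f"expected~{row['expected']:6d} digest={row['digest']}")
    # Constructed budget: 10^12 MD5 evaluations per second for 1000 years.
    budget = attacker_bits(1e12, 365 * 24 * 3600 * 1000)
    print(f"attacker budget ~2^{budget:.1f} evaluations "
          f"vs 2^128 (given digest) and 2^64 (any collision)")
```

The trials column roughly doubles with each extra bit of the target, which is all the 2^128 figure says: matching a full 128-bit digest is 2^128 expected evaluations. The constructed 1000-year budget comes out near 2^75, well short of the preimage bound but above the 2^64 collision bound, which is why the two figures have to be kept apart when deciding how much trust a given use of the hash deserves.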