MD5 weakness ? [was Re: Netscape Logic Bomb detailed by IETF]

Bill Stewart stewarts at ix.netcom.com
Sun Oct 29 16:48:02 PST 1995


>>As to weaknesses, I seem to remember that someone managed to forge a
>>modification to a program used to observe networks on a Sun so that it
>>had the same MD5 checksum as the official trusted version.  But whether
>>this is real is not strictly the issue. 

There was a program that forged CRC checksums that came out a couple years back,
letting you create a Trojan Horse and modify it to match Unix "sum" checksums
by adding junk to the end.  I'd be extremely surprised if anyone did this
with MD5;
CRCs are invertable, and generally short enough to brute-force as well.
#---
#                                       Thanks;  Bill
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---







More information about the cypherpunks-legacy mailing list