[LINK] MD5 cracking
Adam Todd
link at todd.inoz.com
Sun Jan 28 13:53:12 AEDT 2007
I keep saying, if there is a legal way, there is an illegal way.
It doesn't matter what it is, there will always be several ways to add
binary to a 256 bit pattern :)
At 10:01 AM 28/01/2007, Rick Welykochy wrote:
>The MD5 sum is a digest of a chunk of digital data, such as a file, that
>supposedly uniquely indentifies the file, i.e. like a checksum. If you
>receive a copy of a file and its calculated MD5 does not match the
>published MD5, you can be sure the file has been tampered with.
>
>We have know for a while now that the MD5 digest is insecure, i.e. it
>is now possible to make changes to a file such that its MD5 matches
>a desired (bogus) MD5.
>
>I ran across this site today:
>
>http://milw0rm.com/cracker/list.php
>
>As they say, it's "in the wild". The web page provides a service to
>crack MD5 digests. Sigh.
>
>I mention this because practically all software we download is
>cross-checked and vetted against its MD5 digest, and nothing more
>secure. This implies that updates from Winders, downloads of
>FOSS etc.etc. could easily be compromised if the desire to do so
>is there. And it is probably only a matter of time before a
>jacked/hacked but secure-looking version of software product XYZ is
>released on the 'Net.
>
>The suggested replacement digest is SHA-1, but there are worries that
>it too is insecure and will be cracked soon. SHA-256 and -512 look like
>the way to go in the future.
>
>cheers
>rickw
>
>
>--
>_________________________________
>Rick Welykochy || Praxis Services
>
>It's always the enemies of freedom who find themselves, at one moment
>or another, most in need of it.
> -- Michel Houellebecq
>_______________________________________________
>Link mailing list
>Link at mailman.anu.edu.au
>http://mailman.anu.edu.au/mailman/listinfo/link
More information about the Link
mailing list