MD5 Collisions...
Wes Peters
wes at softweyr.com
Tue Dec 4 12:01:01 PST 2007
Colin Percival asked:
> Norberto Meijome wrote:
>> should some kind of advisory be sent to advise people not to rely
>> solely on MD5 checksums? Maybe an update to the man page is due ? :
>>
>> "
>> MD5 has not yet (2001-09-03) been broken, but sufficient attacks have
>> been made that its security is in some doubt. The attacks on MD5 are in
>> the nature of finding ``collisions'' -- that is, multiple inputs which
>> hash to the same value; it is still unlikely for an attacker to be able
>> to determine the exact original input given a hash value.
>> "
>
> I fail to see how the man page is incorrect here. What do you think
> it should be saying instead?

Nothing. This is philosophy, which goes far beyond the scope of man
pages.

As a security researcher, it's fun to spend years poking at a problem
until you find a way to exploit it, and the meaning doesn't change if
the exploit takes all of the computing resources that existed in the
known universe up to last year. In the real world, these 'attacks'
have little meaning.

The common uses of MD5 as applied to the average FreeBSD consumer
consist of adding some amount of assurance that the bits said user
just downloaded are indeed the bits (s)he wanted to download. The
probability of someone compromising one or more servers, replacing the
compressed tar image with another compressed tar image of the SAME
LENGTH that is still valid and that manages to do much the same work
as the original, plus some nefarious additional function, is
infinitesimally small.

In theory, theory is better than practice, but in practice, it never is.

The one direction the FreeBSD Project should take from this discussion
is that cryptography, like any form of security, is an arms race.
Utilities that use cryptography for protection should plan on being
able to use newer ciphers from the very beginning, because what we have
now will, in practice, NEVER be enough tomorrow, for some tomorrow.
--
Where am I, and what am I doing in this handbasket?
Wes Peters wes at softweyr.com
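
An added example, not part of the original message and not code from FreeBSD: a download check in which the digest algorithm is data carried by the manifest rather than hard-coded, so a newer hash can be adopted without changing the tool. The manifest layout, the `PREFERENCE` ordering, the `WEAK` set and the function names are assumptions made for illustration; the sample bytes are constructed.

```python
import hashlib
import hmac

# Strongest first. This ordering and the "weak" set are assumptions of this
# example; a real tool would ship them as updatable policy.
PREFERENCE = ["sha512", "sha256", "sha1", "md5"]
WEAK = {"sha1", "md5"}


def choose_algorithm(manifest, allow_weak=False):
    """Pick the strongest digest the manifest offers and this host supports."""
    for name in PREFERENCE:
        if name in manifest.get("digests", {}) and name in hashlib.algorithms_available:
            if name in WEAK and not allow_weak:
                break  # only weak digests remain; refuse instead of downgrading
            return name
    raise ValueError("manifest carries no acceptable digest")


def verify(data, manifest, allow_weak=False):
    """Return the algorithm that vouched for `data`, or raise ValueError."""
    # Size is a cheap first check, but it is not a security control by itself.
    if "size" in manifest and len(data) != manifest["size"]:
        raise ValueError("size mismatch")
    name = choose_algorithm(manifest, allow_weak)
    actual = hashlib.new(name, data).hexdigest()
    if not hmac.compare_digest(actual, manifest["digests"][name].lower()):
        raise ValueError(f"{name} mismatch")
    return name


# Constructed sample: a stand-in for a downloaded tarball and its manifest.
SAMPLE = b"constructed sample distfile contents\n"
MANIFEST = {
    "size": len(SAMPLE),
    "digests": {
        "md5": hashlib.md5(SAMPLE).hexdigest(),
        "sha256": hashlib.sha256(SAMPLE).hexdigest(),
    },
}

if __name__ == "__main__":
    print(verify(SAMPLE, MANIFEST))  # sha256
```

A manifest that lists only MD5 is rejected unless the caller passes `allow_weak=True`, which keeps old manifests usable as an explicit choice instead of a silent fallback.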