Richard Lynch wrote:
On Fri, June 10, 2005 3:01 pm, Jason Barnett said:
That is incredibly interesting stuff, many thanks for that link! So the
position seems to be that it may not be feasible to reverse MD5, but it
is now feasible to create forged documents / binaries / whatever that
result in exactly the same MD5 hash as the original.
No.
Richard, did you actually go to the site that Greg showed and look at
the example? Two very different (as in content) postscript documents...
same MD5 hash.
I actually tried it out for myself... and indeed the two different
documents produced the exact same MD5 sum.
That's a one in a billion chance...
So, if your binary file HAPPENS to match that meaningless string, you
could use that OTHER meaningless string instead...
Again I say... did you look at the other "meaningless" string in the
example? I don't pretend to understand how the authors made it work,
but it wasn't just some "meaningless" string that they got to match.
I'll bet neither of the two strings has any real-world "meaning"
They just happen to be the two strings that are "easy" to find that have
the same MD5.
This has absolutely NO meaning in real-world uses of MD5.
You'd have heard a LOT more screaming and wailing and gnashing of teeth if
this mattered. :-)
Unless of course most people dismiss it the same way that you seem to be
dismissing it. ;)
--
NEW? | http://www.catb.org/~esr/faqs/smart-questions.html
STFA | http://marc.theaimsgroup.com/?l=php-general&w=2
STFM | http://php.net/manual/en/index.php
STFW | http://www.google.com/search?q=php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php