MD5


MD5

Chet Uber
Theo,

Also the last I checked obsd still supports MD5

CU



Chet Uber
President and Principal Scientist
SecurityPosture, Inc.
3718 N 113th Plaza, Omaha, NE 68164
vox +1 (402) 505-9684 | fax +1 (402) 932-2130 | cell (402) 813-3211
[hidden email]  |  www.securityposture.com
--------------------------------------------------------
'It is vain to do with more what can be done with fewer'
--------------------------------------------------------
-- This communication is confidential to the parties it was intended  
to serve --


Re: MD5

Gilles Chehade
Chet Uber wrote:
> Theo,
>
> Also the last I checked obsd still supports MD5
>
> CU
Can you please explain why it should not ?
Can you please find a collision for 3d16b4f76338838044b90ffae5e71cb5 ?


Re: MD5

Chet Uber
On Jul 4, 2006, at 3:00 AM, Gilles Chehade wrote:

> Chet Uber wrote:
>> Theo,
>>
>> Also the last I checked obsd still supports MD5
>>
>> CU
> Can you please explain why it should not ?
> Can you please find a collision for 3d16b4f76338838044b90ffae5e71cb5 ?

1. No, but you can certainly find the numerous citations on why it is  
a weak hash.
2. No, as you are not a customer, we do not have custody of the  
machine, and I have no desire to play games or to potentially provide  
you access to a machine that is not yours.

I never said it should not have MD5, although if you follow the logic  
that removed telnet (as it should have been) then it should be  
scheduled at some time in the near future for removal.

CU


Re: MD5

Gilles Chehade
On Tue, 4 Jul 2006 06:18:53 -0400
Chet Uber <[hidden email]> wrote:

>
> On Jul 4, 2006, at 3:00 AM, Gilles Chehade wrote:
>
> > Chet Uber wrote:
> >> Theo,
> >>
> >> Also the last I checked obsd still supports MD5
> >>
> >> CU
> > Can you please explain why it should not ?
> > Can you please find a collision for
> > 3d16b4f76338838044b90ffae5e71cb5 ?
>
> 1. No, but you can certainly find the numerous citations on why it
> is a weak hash.
>

I know why it is a weak hash, I was not implying it was strong but it
is still useful for many applications that still rely on it, for some
protocols that use mixed hashes [md5/sha, ...]. Not to mention that a
use coupled with salting for the master.passwd database isn't weak in
my opinion.


> 2. No, as you are not a customer, we do not have custody of the  
> machine, and I have no desire to play games or to potentially
> provide you access to a machine that is not yours.
>

haha, that was a good one :)
I *really* hoped you would paste a collision and prove me wrong ...
And yeah I *do* know it is possible but I was trying to make sure it
wasn't just "yet another crypto expert" talking ...


> I never said it should not have MD5, although if you follow the
> logic that removed telnet (as it should have been) then it should be  
> scheduled at some time in the near future for removal.
>

read 1-, there is a difference between pro-active advocacy of new
protocols to deprecate old ones, and removal of a key feature upon
which many tools and protocols are still relying.


Re: MD5

Chet Uber
>> 1. No, but you can certainly find the numerous citations on why it
>> is a weak hash.
>>
>
> I know why it is a weak hash, I was not implying it was strong but it
> is still useful for many applications that still rely on it, for some
> protocols that use mixed hashes [md5/sha, ...]. Not to mention that a
> use coupled with salting for the master.passwd database isn't weak in
> my opinion.

I think I missed the initial post as I thought the issue was tracking  
previously used passwords and someone had indicated that you were
actually storing the passwords. Since it appeared to me they did not  
understand that hashes were involved I started down this path. I  
really was not trying to debate the strength of hashes in passwd  
mechanism. Sorry to get this off topic so far.

>> 2. No, as you are not a customer, we do not have custody of the
>> machine, and I have no desire to play games or to potentially
>> provide you access to a machine that is not yours.
>>
>
> haha, that was a good one :)
> I *really* hoped you would paste a collision and prove me wrong ...
> And yeah I *do* know it is possible but I was trying to make sure it
> wasn't just "yet another crypto expert" talking ...

No, just someone that does a lot of work with hashes. Mere mortals do
not do crypto -- we just use it. The reason I had said anything is  
that when I do forensic work I used to just do MD5's of files, but it  
has gotten called to task in court so we now use both MD5 and SHA1  
hashes as it is NP-complete to find a collision in both of them for  
the same file.

>> I never said it should not have MD5, although if you follow the
>> logic that removed telnet (as it should have been) then it should be
>> scheduled at some time in the near future for removal.
>>
>
> read 1-, there is a difference between pro-active advocacy of new
> protocols to deprecate old ones, and removal of a key feature upon
> which many tools and protocols are still relying.

You have a valid point and again as I have gotten off topic I am  
going to "tap out".

CU





Re: MD5

Philip Guenther-2
On 7/4/06, Chet Uber <[hidden email]> wrote:
...
> The reason I had said anything is
> that when I do forensic work I used to just do MD5's of files, but it
> has gotten called to task in court so we now use both MD5 and SHA1
> hashes as it is NP-complete to find a collision in both of them for
> the same file.

Finding collisions for both MD5 and SHA-1 together is actually
NP-complete and not just NP?  That's a significant result that would
affect the design of protocols using hashes.  Do you have a citation
for that?


Philip Guenther


Re: MD5

Moritz Kiese
On Thu, 6 Jul 2006, Philip Guenther wrote:

> On 7/4/06, Chet Uber <[hidden email]> wrote:
> ...
>> The reason I had said anything is
>> that when I do forensic work I used to just do MD5's of files, but it
>> has gotten called to task in court so we now use both MD5 and SHA1
>> hashes as it is NP-complete to find a collision in both of them for
>> the same file.
>
> Finding collisions for both MD5 and SHA-1 together is actually
> NP-complete and not just NP?  That's a significant result that would
> affect the design of protocols using hashes.  Do you have a citation
> for that?

I would be interested in a proof for that as well, esp if this was true
for _all_ collisions.

++mbk


Re: MD5

Gilles Chehade
On Thu, 6 Jul 2006 14:04:28 +0200 (CEST)
Moritz Kiese <[hidden email]> wrote:

> On Thu, 6 Jul 2006, Philip Guenther wrote:
>
> > On 7/4/06, Chet Uber <[hidden email]> wrote:
> > ...
> >> The reason I had said anything is
> >> that when I do forensic work I used to just do MD5's of files, but
> >> it has gotten called to task in court so we now use both MD5 and
> >> SHA1 hashes as it is NP-complete to find a collision in both of
> >> them for the same file.
> >
> > Finding collisions for both MD5 and SHA-1 together is actually
> > NP-complete and not just NP?  That's a significant result that
> > would affect the design of protocols using hashes.  Do you have a
> > citation for that?
>
> I would be interested in a proof for that as well, esp if this was
> true for _all_ collisions.
>
> ++mbk
>

please ... let this thread die ...