Also especially after all the lawyers previously have attempted to prove
that the MD5 is infallible. For those involved in commercial litigation you
may want to be aware that some EDD vendors use the use SHA-1 or SHA-256
during what is called the "deduplication" process; avoid being duped. We
are talking big commercial cases and we know that any flaw that could
threaten the admissibility of the evidence under FRE can break your client's
bank. I suggest we should look to the "possibility of a problem" and then
eliminate it, before it takes place..
Jack
----- Original Message -----
From: "Jerry Shenk" <jshenk@decommunications.com>
To: "'Ferrill, Rob'" <Rob.Ferrill@healthsouth.com>;
<forensics@securityfocus.com>
Sent: Wednesday, November 10, 2004 4:17 PM
Subject: RE: MD5 Collisions and Evidence Integrity
Haven't any collisions in MD5 hashes all been intentionally
contrived...I think this is very rare in actual practice. I don't think
this argument has even been attempted yet has it?
One solution would be to do an md5sum as well as an sha1sum. This issue
was brought up in the GCFA track in Orlando earlier this year. The
instructor (Rob Lee) talked about evidence not needing to be 100%
infallible proof. In any court case, there will be multiple issues to
support any single conclusion. It does seem that if we'd start doing
md5sum and sha1sum hashes that that precaution might help in a few cases
where some lawyer tries to prove that the md5sum isn't reliable.
-----Original Message-----
From: Ferrill, Rob [mailto:Rob.Ferrill@healthsouth.com]
Sent: Tuesday, November 09, 2004 2:44 PM
To: forensics@securityfocus.com
Subject: MD5 Collisions and Evidence Integrity
Has anyone stopped using MD5 for hashing evidence files since the
disclosure of collision issues at the Crypto 2004 conference? There was
some concern raised during a discussion this morning that this may not
be acceptable in court cases anymore to prove evidence integrity.
Thanks,
Rob
Confidentiality Notice: This e-mail communication and any attachments
may contain
confidential and privileged information for the use of the designated
recipients named above. If
you are not the intended recipient, you are hereby notified that you
have received this
communication in error and that any review, disclosure, dissemination,
distribution or
copying of it or its contents is prohibited. If you have received this
communication in
error, please notify me immediately by replying to this message and
deleting it from your
computer. Thank you.
-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
