Ethical Hacking Training at InfoSec Institute

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Computer Forensics Computer-Forensics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: MD5 Collisions and Evidence Integrity

from [Hrvoje Spoljar] Network Security [Permanent Link]
Subject: Re: MD5 Collisions and Evidence Integrity
Date: Thu, 11 Nov 2004 23:14:52 +0100 
On Wed, 2004-11-10 at 19:44, ¥ dosman ¥ wrote:

Actually MD5 hasn't been broken... yet. A close cousin to MD5 was broken, 
not the actual MD5 as we know it. It's still safe to use MD5 for the time 
being. However I would be on the look out for a replacement if and when one 
becomes available. Sure there's SHA1, but of course a pair of digests to 
compliment each other is prefered.


snip from http://www.tcs.hut.fi/~mjos/md5/


file1.dat:

  00000000  d1 31 dd 02 c5 e6 ee c4  69 3d 9a 06 98 af f9 5c
  00000010  2f ca b5 87 12 46 7e ab  40 04 58 3e b8 fb 7f 89
  00000020  55 ad 34 06 09 f4 b3 02  83 e4 88 83 25 71 41 5a
  00000030  08 51 25 e8 f7 cd c9 9f  d9 1d bd f2 80 37 3c 5b
  00000040  96 0b 1d d1 dc 41 7b 9c  e4 d8 97 f4 5a 65 55 d5
  00000050  35 73 9a c7 f0 eb fd 0c  30 29 f1 66 d1 09 b1 8f
  00000060  75 27 7f 79 30 d5 5c eb  22 e8 ad ba 79 cc 15 5c
  00000070  ed 74 cb dd 5f c5 d3 6d  b1 9b 0a d8 35 cc a7 e3

  MD5(file1.dat) = a4c0d35c95a63a805915367dcfe6b751

file2.dat:

  00000000  d1 31 dd 02 c5 e6 ee c4  69 3d 9a 06 98 af f9 5c
  00000010  2f ca b5 07 12 46 7e ab  40 04 58 3e b8 fb 7f 89
  00000020  55 ad 34 06 09 f4 b3 02  83 e4 88 83 25 f1 41 5a
  00000030  08 51 25 e8 f7 cd c9 9f  d9 1d bd 72 80 37 3c 5b
  00000040  96 0b 1d d1 dc 41 7b 9c  e4 d8 97 f4 5a 65 55 d5
  00000050  35 73 9a 47 f0 eb fd 0c  30 29 f1 66 d1 09 b1 8f
  00000060  75 27 7f 79 30 d5 5c eb  22 e8 ad ba 79 4c 15 5c
  00000070  ed 74 cb dd 5f c5 d3 6d  b1 9b 0a 58 35 cc a7 e3

  MD5(file2.dat) = a4c0d35c95a63a805915367dcfe6b751

Once you have downloaded these files you can easily verify (in UNIX shell)
that this is indeed a collision for MD5:

    $ cmp file1.dat file2.dat
    file1.dat file2.dat differ: char 20, line 1
    $ md5sum file1.dat
    a4c0d35c95a63a805915367dcfe6b751  file1.dat
    $ md5sum file2.dat
    a4c0d35c95a63a805915367dcfe6b751  file2.dat

that's my 2c

p.s. 
dosman ... mabey your relative winman uses M$ md5 ?:))
nhf man...


-- 
   ________ ___ __  ___
 /  __)  . \   \ | | __)   Hrvoje Špoljar           ICQ: 53000945
|__  |  |__/   | |_| __)   http://spole.pbf.hr/     irc.oftc.net#RoCkY
(____'__|  \___/___|___)   hrvoje.spoljar@x.pbf.hr  mobile: 0989291593


-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
[More with this subject...]


<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: MD5 Collisions and Evidence Integrity, dave kleiman
Next by Date:  RE: MD5 Collisions and Evidence Integrity, Akin, Thomas (ISS Atlanta)
Previous by Thread:  RE: MD5 Collisions and Evidence Integrity, dave kleiman
Next by Thread:  Re: MD5 Collisions and Evidence Integrity, Gary Kessler
Indexes:  [Date] [Thread] [Top] [All Lists]