Ethical Hacking Training at InfoSec Institute

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Computer Forensics Computer-Forensics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: MD5 Collisions and Evidence Integrity

from [Akin, Thomas (ISS Atlanta)] Network Security [Permanent Link]
Subject: RE: MD5 Collisions and Evidence Integrity
Date: Thu, 11 Nov 2004 16:39:03 -0500 
From: ¥ dosman ¥ [mailto:dosman33@hotmail.com] 
Subject: Re: MD5 Collisions and Evidence Integrity

Actually MD5 hasn't been broken... yet. A close cousin to MD5 was broken, 
not the actual MD5 as we know it.



Not true, the earlier collisions did use different initialization values than 
the MD5 spec, but the recent collisions use true MD5 init values. See 
http://www.md5crk.com/md5col.zip for two differing 1024 bytes files that yield 
the same MD5 hash... 

The key is that, currently, while it is possible to create two files with the 
same MD5 hash, you cannot predict what the contents of those files will be. 
More importantly, when you hash a drive or file, there is currently *no way* to 
create another file that has the same hash... So, someone can't make changes to 
a file/drive in a manner that gives the same hash as the original...

Current recommendations are:
1) Continue using MD5, but understand exactly what type of collision was found 
and what it means, so you don't get caught with your pants down by opposing 
counsel... 
2) or, use two hash algorithms, such as MD5 and SHA1. I created the 2hash 
program (http://www.crossrealm.com/2hash) to do this in parallel so it doesn't 
double your hashing times... 
3) or, migrate completely away from MD5 to SHA1.


T

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
[More with this subject...]


<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: MD5 Collisions and Evidence Integrity, Hrvoje Spoljar
Next by Date:  Re: mactimes - not reliable., icathar
Previous by Thread:  RE: MD5 Collisions and Evidence Integrity, Butterworth, Jim
Next by Thread:  mactimes, Potter, Timothy
Indexes:  [Date] [Thread] [Top] [All Lists]