1999-08-14-01:22:08 Jeff Duffy:
> I should have said that it's not impossible to take an original binary file,
> create a new (trojaned) binary file, and run an alter/sum...alter/sum type
> of brute force round on the new one until you get it to match the original,
> just as Todd Bennett was suggesting.

I don't know a Todd Bennett, but if you meant Bennett Todd, he never suggested
any such thing; rather, he suggested that MD5s are probably strong enough, at
least today. I'm sure about that. He's me.

> Yes, that's a lot of possibilities to cover, but it's not impossible.

For a sufficiently vacant and unthinking definition of "impossible", I guess
you're right, it's not. But for those of us who are more interested in getting
real work done, it certainly is.

If you have to modify a file while leaving its checksum unchanged, you have to
force it to match a specific given 128-bit checksum. There are 2**128 such
distinct checksums. Assuming you will on average get a hit after about
half that many tries, that'd be 2**127 tries. Lessee; suppose you wanted to
build a search engine that could do that many MD5s in say a hundred billion
years, for the US definition of billion --- 100,000,000,000 years all told.
Say you are patient. Ok, that's 3,155,760,000,000,000,000 seconds (at 86400
seconds per day, 365.25 days per year). Now 2**127 tries is only
801,563,040,000,000,000,000, so you only have to do about 250 tries a second!
I guess that's practical. If you are patient. I haven't read up on cosmology
lately; is the universe expected to last a hundred billion years? Even if it
is, I'm pretty sure I'm not. At least not unless I give up some of my
favourite vices.

> I did not mean to suggest that MD5 was an insecure algorithm. My point was
> simply that if you're going for the maximum paranoia value, searching the
> available space for one checksum match is much more likely to succeed than
> matching two different sums.

That's strictly true, if all the sums are equally strong. If not, only the
strongest will count.

Go ahead and run multiple distinct cryptographic checksums; it won't hurt
anything. I won't bother.

-Bennett
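The work-factor argument in the reply above can be carried through with arbitrary-precision integers, and the exponential scaling it relies on can be watched directly on truncated digests. The following is an added example, not code from the mailing-list post or its authors: the function names, the constructed sample file `ORIGINAL`, and the counter-based candidate scheme are all assumptions of this example. It computes the expected number of tries for forcing one given 128-bit digest and for forcing two independent digests at once (the second quoted point), the rate a search engine would need to sustain over a given horizon, and then actually runs the second-preimage search against MD5 truncated to a few bits, where the expected try count is small enough to observe.

```python
import hashlib

SECONDS_PER_YEAR = 365.25 * 86400  # same day/year constants the post uses


def expected_tries(bits):
    """Expected guesses to hit one specific n-bit digest (second preimage):
    on average half the space, i.e. 2**(n-1)."""
    return 2 ** (bits - 1)


def expected_tries_two_sums(bits_a, bits_b):
    """Forcing two independent digests simultaneously: the spaces multiply,
    so the expected work is 2**(a+b-1), not the sum of the two searches."""
    return 2 ** (bits_a + bits_b - 1)


def tries_per_second(total_tries, years):
    """Rate a search engine must sustain to finish total_tries within `years`."""
    return total_tries / (years * SECONDS_PER_YEAR)


def truncated_md5(data, bits):
    """Top `bits` bits of MD5(data); 128 gives the full digest as an int.
    Truncation is only here to make the brute-force search observable."""
    digest = hashlib.md5(data).digest()
    return int.from_bytes(digest, "big") >> (128 - bits)


def second_preimage_search(original, bits, max_tries):
    """Append a counter to `original` until the truncated digest of the modified
    file equals that of the original. Returns (tries, candidate) or None."""
    target = truncated_md5(original, bits)
    for i in range(1, max_tries + 1):
        # Candidate keeps the original content and adds a harmless trailing comment.
        candidate = original + b"\n# padding " + str(i).encode()
        if truncated_md5(candidate, bits) == target:
            return i, candidate
    return None


# Constructed sample "binary" standing in for the file being checksummed.
ORIGINAL = b"#!/bin/sh\necho hello\n"

if __name__ == "__main__":
    full = expected_tries(128)
    print(f"one MD5 (128-bit) second preimage: {full:.3e} expected tries")
    print(f"MD5 plus a 160-bit sum together:   {expected_tries_two_sums(128, 160):.3e}")
    print(f"rate needed over 1e11 years:        {tries_per_second(full, 1e11):.3e} tries/s")
    for bits in (8, 12, 16):
        hit = second_preimage_search(ORIGINAL, bits, 2 ** (bits + 4))
        found = hit[0] if hit else "not found"
        print(f"{bits:2d}-bit truncation: found after {found} tries, expected ~{expected_tries(bits)}")
```

Each doubling of the truncation length roughly doubles the observed try count, which is the whole of the argument: the search is linear in the size of the digest space, and the space is exponential in the digest length.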