[Full-disclosure] Re: Case ID 51560370 - Notice of ClaimedInfringement
security at brvenik.com
Sat Apr 9 03:25:11 BST 2005
Thierry Zoller wrote:
> Dear Jason,
> J> I think that entirely depends on the format the file is distributed in.
> J> You could take a zipfile and pad it in non critical areas to change the
> J> MD5 without creating a substantial difference in the deliverable
> J> content. You could do the same with gzip or bzip formatted files. You
> J> could also pad any embedded jpeg images to engineer a collision. There
> J> are quite a few opportunities where this method could be used to twiddle
> J> the new MD5 without materially changing the content.
> Clever approach there, haven't thought about that beforehand.
Different approaches are rarely thought about beforehand. If they were
explored deeply we might have found efficiencies and complications that
would have been avoided. This security stuff might not even exist. We
would also never make progress.
> J> Software that is ~150M in size, it gets redistributed as a new file that
> J> is 160M is size but has a collision with your software which is also
> J> 160M in size. I imagine there would be some computational time involved
> J> to find the appropriate collision but a lot less computational time than
> J> finding a perfect match to the original.
> If I understood your point correctly and if my knowledge about hash
> algos is correct then to my believe the computational time to generate
> a collision is exactly the same for the perfect match as it would be
> to use an existing file to create a potenatial collision.
I've not looked into it to be honest. I am thinking aloud.
Are there cases where different bits will have a predictable and
definable impact on the resulting hash? Does a null byte have a more
defined impact than a non null byte? Can you use a minimal impact byte
as padding and more impactful byte sequences to complete the collision?
It was once said that you could not realistically create two difference
sets of data that would cause a hash collision.
It was once said that you could not exploit heap overflows and that
stack overflows did not allow for control of the machine.
It was once thought that you could not use a format string to create an
I see enough opportunities for motivated people to do the research and
create a solution that is not computationally prohibitive. I would not
be surprised if this happens in relatively short time.
To use the existence of a hash and size as justification for a legal
assault against a person that appears to be providing content which is
under protection of some law presents an interesting area of exploration
in the courts for the right team. It was once thought that being found
guilty by a jury was sufficient to put someone to death. DNA has changed
The only difference between theory and reality is implementation.
I think I am done with the thread on FD. Apologies to the myopic
thinkers among us.
Full-Disclosure is hosted and sponsored by Secunia.