[Full-disclosure] MD5 algorithm considered toxic (and harmful)
Paul Schmehl
pauls at utdallas.edu
Sat Dec 1 21:21:02 GMT 2007
--On December 1, 2007 2:20:21 PM -0500 Tim
<tim-security at sentinelchicken.org> wrote:
>> because they perform risk-analysis:
>> - what are the threats to my assets?
>> - which role does MD5 play there?
>> - any subsequent risk then from using it?
>> - high priority risk? mitigating controls or risk acceptance?
>
> Don't kid yourself. Very few businesses in my experience think about
> this stuff when they go to use a hash. Most just use whatever hash
> they're used to using. I rarely see clients actually sitting down and
> thinking about what the application of a given hash is and what the
> threats are in their specific case.
>
>
>> would you be so kind to show me a real-world attack against a VPN
>> using MD5 hashing? ...
>
> Assuming there are no real-world attacks against your particular VPN
> that uses MD5, does that make it safe for the rest of us in any given
> application? A rather leading question IMO.
>
While I don't think it's time to panic, it's definitely time to begin
moving to SHA-256 and stop using MD-5. FreeBSD has already done so in its
ports system, although you can still use MD-5 as well. But far too many
downloads still use MD-5 or **no checksum at all**, and that is a problem.
While collisions in MD-5 are now proven, what I've not seen yet is the
ability to alter a legitimate file or tarball yet generate the same
checksum. It *is* theoretically possible, however, and the fact that
collisions have been proven should be enough to begin abandoning its use
IMO.
Paul Schmehl (pauls at utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
Full-Disclosure is hosted and sponsored by Secunia.
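The migration Paul describes (FreeBSD ports carrying SHA256 alongside MD5, and the problem of MD5-only or checksum-less downloads) can be turned into a download-verification policy. This is an added example, not code from the post or from FreeBSD; it assumes the BSD-style `ALGO (file) = digest` distinfo line format and uses constructed file contents and hypothetical distfile names.

```python
import hashlib
import re

# Assumed (not from the post): FreeBSD-style distinfo lines as printed by
# md5(1)/sha256(1): "ALGO (filename) = hexdigest", plus "SIZE (filename) = n".
LINE_RE = re.compile(r"^(MD5|SHA256|SIZE) \((.+?)\) = (\S+)$")

def parse_distinfo(text):
    """Return {filename: {"MD5": ..., "SHA256": ..., "SIZE": ...}}."""
    entries = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        algo, name, value = m.groups()
        entries.setdefault(name, {})[algo] = value
    return entries

def verify(data, expected):
    """Check one distfile's bytes against its distinfo entry -> (ok, reason).
    Policy: SHA256 is required. A matching MD5 on its own is not accepted,
    because MD5 collisions are practical, so an MD5-only entry is treated as
    effectively unchecked rather than as a weak-but-passing check."""
    if "SIZE" in expected and len(data) != int(expected["SIZE"]):
        return False, "size mismatch"
    if "SHA256" not in expected:
        return False, "no SHA256 checksum (MD5-only entry rejected)"
    if hashlib.sha256(data).hexdigest() != expected["SHA256"]:
        return False, "SHA256 mismatch"
    # MD5, when present, is still compared so a stale or inconsistent distinfo is noticed.
    if "MD5" in expected and hashlib.md5(data).hexdigest() != expected["MD5"]:
        return False, "MD5 mismatch with matching SHA256 (stale or inconsistent distinfo)"
    return True, "ok"

# Constructed sample: one distfile with both digests, one legacy MD5-only entry.
GOOD = b"hello ports\n"
DISTINFO = (
    "MD5 (good-1.0.tar.gz) = %s\n"
    "SHA256 (good-1.0.tar.gz) = %s\n"
    "SIZE (good-1.0.tar.gz) = %d\n"
    "MD5 (legacy-0.9.tar.gz) = %s\n"
    "SIZE (legacy-0.9.tar.gz) = %d\n"
) % (hashlib.md5(GOOD).hexdigest(), hashlib.sha256(GOOD).hexdigest(),
     len(GOOD), hashlib.md5(GOOD).hexdigest(), len(GOOD))

if __name__ == "__main__":
    info = parse_distinfo(DISTINFO)
    for name in info:
        print(name, verify(GOOD, info[name]))
```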