[incremental] Patch: FYI: add missing bits to checksum
Paolo Bonzini
bonzini@gnu.org
Wed Jan 16 21:53:00 GMT 2008
> Paolo> You cannot find a
> Paolo> second pre-image for MD5, but you can find collisions pretty easily,
> Paolo> so it could yield security problems (no I'm not exaggerating it *too
> Paolo> much*---they would be wrong-code bugs, but if somebody plays with MD5
> Paolo> collisions you can assume that they are doing something malicious).
>
> I have thought about this argument before. I am not really convinced
> by it.

Frankly, neither am I. It's not going to be Ken Thompson's attack for
the 3rd millennium. But I would find it less worrisome to not have it,
rather than to know about it.

I attach a SHA1 from glibc with a similar interface to MD5.

> I tried to see this problem in action, but I was unable. The only MD5
> collision I could easily find yields a program that is rejected by the
> lexer. If you have a "nice" collision, I'd like to have it.

It's easier to just find an MD5-collision generator and run it until it
works. But I think you have to be sure that the hash has processed a
full block before it is fed the string.

Paolo
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: sha1.h
URL: <http://gcc.gnu.org/pipermail/gcc-patches/attachments/20080116/3dbc81db/attachment.h>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: sha1.c
URL: <http://gcc.gnu.org/pipermail/gcc-patches/attachments/20080116/3dbc81db/attachment.c>