Re: Open Source Developers Shun Micoshaft Corporation

"Mark Kent" <mark.kent@demon.co.uk> wrote in message news:48c4t4-nq9.ln1@ellandroad.demon.co.uk...
> dennis@home <dennis@killspam.kicks-ass.net> espoused:
>>
>> "Jim Richardson" <warlock@eskimo.com> wrote in message
>> news:lgm3t4-5il.ln1@dragon.myth...
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>> On Sun, 30 Sep 2007 00:22:23 +0100,
>>> dennis@home <dennis@killspam.kicks-ass.net> wrote:
>>>
>>>> Also it is probably possible to engineer an iso to have the correct checksum.
>>>> It shouldn't be too hard as you have the source code for the checksum program so you can modify it to add padding to the iso somewhere to make the checksum anything you like. Unless you have mathematical proof this can't be done
>>>
>>> It's pretty obvious you have no clue on how the MD5 and SHA1 checksum process works.
>>
>> So as I asked is there a mathematical proof that you can only end up with one checksum for any set of data?
>
> Why don't you investigate md5, sha1 and so on, and find out? Then, instead of spreading misinformation, you might actually have some facts.

I haven't claimed I need to beat md5 to pass off a fake cd. I said it was irrelevant as it's not going to stop an attack as it will be ignored. It was thrown in to fuzz the picture by owl.

> You could start with looking at CRC checks used to prevent false framing in TDM transport systems. You'll find that they are amazingly robust, even though they work with relatively small numbers.

That is a poor example as I know you can get errors that still have correct checksums. (I did write some X25 protocol software when I was a lad.) The checksums aren't really designed to stop someone faking packets at all. If that is the best evidence then it shows I am correct and that md5 was designed for the wrong thing, which I doubt.

It's a bit like me telling you how to build a hydrogen bomb when you asked about fitting a new turbine blade to a jet engine. Both over the top of your head and no relevance at all. It still takes a mathematician to examine md5 and I am not, so your advice wasn't much use to anyone really.

> Then, consider just how large a binary or decimal number it could be possible to express using all 700Mbytes of a CD.

A user is more likely to ignore a key that is large than one that is small so it doesn't really help. Md5 is really good if you are exchanging data with someone you trust but don't trust the transmission path. They are totally useless if you trust both which a significant number of people will.

There are a significant number here that think I was wrong to say you shouldn't download stuff from a site posted by user "7" in this newsgroup.. they obviously trust both him and the delivery path and don't like someone saying anyone shouldn't. Sounds like a recipe for trouble to me.
| |||
Re: Open Source Developers Shun Micoshaft Corporation

"Non scrivetemi" <nonscrivetemi@pboxmix.winstonsmith.info> wrote in message news:239830bd33694c83356cb21f4deb7469@pboxmix.winstonsmith.info...
>> Do you not understand anything about social engineering?
>
> More than you'll ever understand. That's how I know integrity checking works you ninny. :)

If you think all users are going to compare two strings to see if the disk they have downloaded matches then you obviously know nothing about what you are saying so we can ignore it from here.
| |||
Re: Open Source Developers Shun Micoshaft Corporation

"Jim Richardson" <warlock@eskimo.com> wrote in message news:lgm3t4-5il.ln1@dragon.myth...
> It's pretty obvious you have no clue on how the MD5 and SHA1 checksum process works.

Having done a quick check. It's pretty obvious that few people here know how md5 works.

quote for wiki for those that think they know

>>>>>>>>>>
md5sum is a computer program which calculates and verifies MD5 hashes, as described in RFC 1321. The MD5 hash (or checksum) functions as a compact digital fingerprint of a file. It is extremely unlikely that any two non-identical files will have the same MD5 hash (although it is certainly possible).
<<<<<<<<<<

Note the bit about being possible. Now that is just from random files and not from an engineered attempt to make them the same. As I said if someone has proof that it can't be done I am all ears. As it stands I think it is quite possible to fake the md5 checksum and you are wrong.

AFAICS it is easier to fake on large files like isos than on small files like these posts. It looks like the algorithm gets less secure the larger the file to me but as I said I am not a mathematician.
| |||
Re: Open Source Developers Shun Micoshaft Corporation

On Sun, 30 Sep 2007 15:04:00 +0100, dennis@home wrote:
> "Jim Richardson" <warlock@eskimo.com> wrote in message
> news:lgm3t4-5il.ln1@dragon.myth...
>
>> It's pretty obvious you have no clue on how the MD5 and SHA1 checksum process works.
>
> Having done a quick check.
> Its pretty obvious that few people here know how md5 works.
>
> quote for wiki for those that think they know
>
> md5sum is a computer program which calculates and verifies MD5 hashes, as described in RFC 1321. The MD5 hash (or checksum) functions as a compact digital fingerprint of a file. It is extremely unlikely that any two non-identical files will have the same MD5 hash (although it is certainly possible).
>
> <<<<<<<<<<
>
> Note the bit about being possible.
> Now that is just from random files and not from an engineered attempt to make them the same.
> As I said if someone has proof that it can't be done I am all ears. As it stands I think it is quite possible to fake the md5 checksum and you are wrong.
> AFAICS it is easier to fake on large files like isos than on small files like these posts.
> It looks like the algorithm gets less secure the larger the file to me but as I said I am not a mathematician.

Of course it's not impossible. The only thing that's impossible is for it to not be impossible.

Any algorithm that has a fixed hash length has collisions. Simple reason being that if MD5 has 2^128 different hashes, then if one has (2^128)+1 datasets there has to be at least one collision as the number of datasets now exceeds the number of possible keys. So yes, it's possible.

Thing is though is that the computational effort required to do so just makes it unfeasible. This is the same when you go trust a "HTTPS" website. The only thing really protecting your precious credit card data you just entered is the fact that decrypting it is computationally unfeasible without such a huge effort that the costs would be far greater than any possible gains.

So every time you go order something online, it is *possible* for someone to decrypt your credit card information...you better stop buying things online now (if you do that is) by your logic.

On the same lines, it is possible to modify a Binary image to contain malicious code and the same MD5 sum. It could be done in theory. But realistically speaking, the effort that this would take makes it not feasible to actually do.

Even if someone succeeded at doing that, the malicious image would be discovered by users and the information made available about it everywhere on the net before it ever could have any significant impact. You don't actually believe that someone could put up a malicious LiveCD without *someone* noticing and it being announced all over the news right?

And honestly, who the hell would download an operating system from a P2P file sharing program? Anyone in their right mind that wants to download an OS is going to go to the OS' website, inform themselves about the OS and then download it if they want to from there.

And if someone is an idiot enough to use some P2P software to download binaries and gets their system toasted as a result then they probably didn't deserve much better in the first place.

--
Stephan
2003 Yamaha R6
There is never a day when I remember you, because there is never a time when I have forgotten you.
| |||
Re: Open Source Developers Shun Micoshaft Corporation

dennis@home <dennis@killspam.kicks-ass.net> espoused:
>
> "Mark Kent" <mark.kent@demon.co.uk> wrote in message
> news:48c4t4-nq9.ln1@ellandroad.demon.co.uk...
>> dennis@home <dennis@killspam.kicks-ass.net> espoused:
>>>
>>> "Jim Richardson" <warlock@eskimo.com> wrote in message
>>> news:lgm3t4-5il.ln1@dragon.myth...
>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>> Hash: SHA1
>>>>
>>>> On Sun, 30 Sep 2007 00:22:23 +0100,
>>>> dennis@home <dennis@killspam.kicks-ass.net> wrote:
>>>>
>>>>> Also it is probably possible to engineer an iso to have the correct checksum.
>>>>> It shouldn't be too hard as you have the source code for the checksum program so you can modify it to add padding to the iso somewhere to make the checksum anything you like. Unless you have mathematical proof this can't be done
>>>>
>>>> It's pretty obvious you have no clue on how the MD5 and SHA1 checksum process works.
>>>
>>> So as I asked is there a mathematical proof that you can only end up with one checksum for any set of data?
>>
>> Why don't you investigate md5, sha1 and so on, and find out? Then, instead of spreading misinformation, you might actually have some facts.
>
> I haven't claimed I need to beat md5 to pass off a fake cd.
> I said it was irrelevant as its not going to stop an attack as it will be ignored.
>

Clearly you're trolling, as just above here, you quite directly state: "it is probably possible to engineer an iso to have the correct checksum."

.... which indicates that you have limited if not zero comprehension of how md5 and sha1 and so on work. This leaves you less than qualified to remark on security issues.

--
| Mark Kent -- mark at ellandroad dot demon dot co dot uk |
| Cola faq: http://www.faqs.org/faqs/linux/advocacy/faq-and-primer/ |
| Cola trolls: http://colatrolls.blogspot.com/ |
| My (new) blog: http://www.thereisnomagic.org |
| |||
Re: Open Source Developers Shun Micoshaft Corporation

"Stephan Rose" <nospam@spammer.com> wrote in message news:prqdneuQOOnbJmLbnZ2dnUVZ8sbinZ2d@giganews.com ...
> On Sun, 30 Sep 2007 15:04:00 +0100, dennis@home wrote:
>
>> "Jim Richardson" <warlock@eskimo.com> wrote in message
>> news:lgm3t4-5il.ln1@dragon.myth...
>>
>>> It's pretty obvious you have no clue on how the MD5 and SHA1 checksum process works.
>>
>> Having done a quick check.
>> Its pretty obvious that few people here know how md5 works.
>>
>> quote for wiki for those that think they know
>>
>> md5sum is a computer program which calculates and verifies MD5 hashes, as described in RFC 1321. The MD5 hash (or checksum) functions as a compact digital fingerprint of a file. It is extremely unlikely that any two non-identical files will have the same MD5 hash (although it is certainly possible).
>>
>> <<<<<<<<<<
>>
>> Note the bit about being possible.
>> Now that is just from random files and not from an engineered attempt to make them the same.
>> As I said if someone has proof that it can't be done I am all ears. As it stands I think it is quite possible to fake the md5 checksum and you are wrong.
>> AFAICS it is easier to fake on large files like isos than on small files like these posts.
>> It looks like the algorithm gets less secure the larger the file to me but as I said I am not a mathematician.
>
> Of course it's not impossible. The only thing that's impossible is for it to not be impossible.
>
> Any algorithm that has a fixed hash length has collisions. Simple reason being that if MD5 has 2^128 different hashes, then if one has (2^128)+1 datasets there has to be at least one collision as the number of datasets now exceeds the number of possible keys. So yes, it's possible.
>
> Thing is though is that the computational effort required to do so just makes it unfeasible. This is the same when you go trust a "HTTPS" website. The only thing really protecting your precious credit card data you just entered is the fact that decrypting it is computationally unfeasible without such a huge effort that the costs would be far greater than any possible gains.

No it isn't the only thing protecting my card. To start with you have to intercept the data which is not easy. Then you have to crack the key using the small amount of data you have. And it doesn't use md5 either as md5 has known faults that make it easier to attack using brute force.

And you forget it's I wouldn't be trying to decode any encryption I would be trying to encode some data to make the same checksum. The two tasks are by no means the same. All I have to do is end up with a file the same size and same checksum while only changing a few files that the user is unlikely to use, let's say the drivers for some obscure hardware, probably a few tens of megabytes to play with.

> So everytime you go order something online, it is *possible* for someone to decrypt your credit card information...you better stop buying things online now (if you do that is) by your logic.
>
> On the same lines, it is possible to modify a Binary image to contain malicious code and the same MD5 sum. It could be done in theory. But realistically speaking, the effort that this would take makes it not feasible to actually do.
>
> Even if someone succeeded at doing that, the malicious image would be discovered by users and the information made available about it everywhere on the net before it ever could have any significant impact. You don't actually believe that someone can could put up a malicious LiveCD without *someone* noticing and it being announced all over the news right?

Yes I do think it is quite possible. When was the last time you checked the contents of a cd other than the checksum? Why would someone else?

> And honestly, who the hell would download a operating system from a P2P file sharing program? Anyone in their right mind that wants to download an OS is going to go to the OS' website, inform themselves about the OS and then download it if they want to from there.

At least one person here that says it can't happen has said they do so I guess you know at least one. I guess my warning was just too much for them and they joined the attack to convince themselves that they hadn't been a complete idiot. (You know who you are.)

> And if someone is an idiot enough to use some P2P software to download binaries and gets their system toasted as a result then they probably didn't deserve much better in the first place.

Their system probably wouldn't be toasted.. it would sit there controlling bots sending spam to you and I and they would be oblivious.
| |||
Re: Open Source Developers Shun Micoshaft Corporation

"Mark Kent" <mark.kent@demon.co.uk> wrote in message news:qp65t4-v3e.ln1@ellandroad.demon.co.uk...
> dennis@home <dennis@killspam.kicks-ass.net> espoused:
>>
>> "Mark Kent" <mark.kent@demon.co.uk> wrote in message
>> news:48c4t4-nq9.ln1@ellandroad.demon.co.uk...
>>> dennis@home <dennis@killspam.kicks-ass.net> espoused:
>>>>
>>>> "Jim Richardson" <warlock@eskimo.com> wrote in message
>>>> news:lgm3t4-5il.ln1@dragon.myth...
>>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>>> Hash: SHA1
>>>>>
>>>>> On Sun, 30 Sep 2007 00:22:23 +0100,
>>>>> dennis@home <dennis@killspam.kicks-ass.net> wrote:
>>>>>
>>>>>> Also it is probably possible to engineer an iso to have the correct checksum.
>>>>>> It shouldn't be too hard as you have the source code for the checksum program so you can modify it to add padding to the iso somewhere to make the checksum anything you like. Unless you have mathematical proof this can't be done
>>>>>
>>>>> It's pretty obvious you have no clue on how the MD5 and SHA1 checksum process works.
>>>>
>>>> So as I asked is there a mathematical proof that you can only end up with one checksum for any set of data?
>>>
>>> Why don't you investigate md5, sha1 and so on, and find out? Then, instead of spreading misinformation, you might actually have some facts.
>>
>> I haven't claimed I need to beat md5 to pass off a fake cd.
>> I said it was irrelevant as its not going to stop an attack as it will be ignored.
>>
>
> Clearly you're trolling, as just above here, you quite directly state: "it is probably possible to engineer an iso to have the correct checksum."
>
> ... which indicates that you have limited if not zero comprehension of how md5 and sha1 and so on work. This leaves you less than qualified to remark on security issues.

Just because I am commenting on what others have said in their attacks doesn't make me a troll especially as I appear to be correct ATM. You have not provided any evidence that I am wrong just the usual response when they don't have any real arguments.

BTW I have made no comment on sha1 so could you stop saying I have.
| |||
Re: Open Source Developers Shun Micoshaft Corporation

On Sun, 30 Sep 2007 19:47:49 +0100, dennis@home wrote:

<snip>

>>> Note the bit about being possible.
>>> Now that is just from random files and not from an engineered attempt to make them the same.
>>> As I said if someone has proof that it can't be done I am all ears. As it stands I think it is quite possible to fake the md5 checksum and you are wrong.
>>> AFAICS it is easier to fake on large files like isos than on small files like these posts.
>>> It looks like the algorithm gets less secure the larger the file to me but as I said I am not a mathematician.
>>
>> Of course it's not impossible. The only thing that's impossible is for it to not be impossible.
>>
>> Any algorithm that has a fixed hash length has collisions. Simple reason being that if MD5 has 2^128 different hashes, then if one has (2^128)+1 datasets there has to be at least one collision as the number of datasets now exceeds the number of possible keys. So yes, it's possible.
>>
>> Thing is though is that the computational effort required to do so just makes it unfeasible. This is the same when you go trust a "HTTPS" website. The only thing really protecting your precious credit card data you just entered is the fact that decrypting it is computationally unfeasible without such a huge effort that the costs would be far greater than any possible gains.
>
> No it isn't the only thing protecting my card. To start with you have to intercept the data which is not easy. Then you have to crack the key using the small amout of data you have. And it doesn't use md5 either as md5 has known faults that make it easier to attack using brute force.
> And you forget its Iwouldn't be trying to decode any encryption I would be trying to encode some data to make the same checksum. The two tasks are by no means the same. All I have to do is end up with a file the same size and same checksum while only changing a few files that the user is unlikely to use, lets say the drivers for some obscure hardware, probably a few tens of megabytes to play with.

I didn't say it would be easy. I only said it would be possible.

>> So everytime you go order something online, it is *possible* for someone to decrypt your credit card information...you better stop buying things online now (if you do that is) by your logic.
>>
>> On the same lines, it is possible to modify a Binary image to contain malicious code and the same MD5 sum. It could be done in theory. But realistically speaking, the effort that this would take makes it not feasible to actually do.
>>
>> Even if someone succeeded at doing that, the malicious image would be discovered by users and the information made available about it everywhere on the net before it ever could have any significant impact. You don't actually believe that someone can could put up a malicious LiveCD without *someone* noticing and it being announced all over the news right?
>
> Yes I do think it is quite possible.
> When was the last time you checked the contents of a cd other than the checksum?

Seeing how www.ubuntu.com is the only place I'm willing to download Ubuntu from, I don't need to worry about it.

> Why would someone else?
>
>> And honestly, who the hell would download a operating system from a P2P file sharing program? Anyone in their right mind that wants to download an OS is going to go to the OS' website, inform themselves about the OS and then download it if they want to from there.
>
> At least one person here that says it can't happen has said they do so I guess you know at least one.

It's nobody I know. =)

--
Stephan
2003 Yamaha R6
There is never a day when I remember you, because there is never a time when I have forgotten you.
| |||
Re: Open Source Developers Shun Micoshaft Corporation

Stephan Rose wrote:
> ...And if someone is an idiot enough to use some P2P software to download binaries and gets their system toasted as a result then they probably didn't deserve much better in the first place.
> ---------------------------------------------------------------

I thought that was exactly what dennis was referring to, right?

Frank
| |||
Re: Open Source Developers Shun Micoshaft Corporation

On Sun, 30 Sep 2007 10:39:24 +0100, dennis@home <dennis@killspam.kicks-ass.net> wrote:
>
> "owl" <owl@rooftop.invalid> wrote in message
> news:pzeoiw0049.s94@rooftop.invalid...
>
> you are too stupid to argue with.
> You can't even grasp the concept of changing an isos content to match a checksum using the source code of the checksum program to make the fake data needed.

It doesn't work that way. You are not using the checksum program from the LiveCD to check the checksum of the LiveCD.

> If you can't understand even the basics there isn't much point in talking to you.
>

The irony is palpable.

--
Jim Richardson http://www.eskimo.com/~warlock
I am a figment of my own imagination.
| |||
Re: Open Source Developers Shun Micoshaft Corporation

On Sun, 30 Sep 2007 10:52:19 +0100, dennis@home <dennis@killspam.kicks-ass.net> wrote:
>
> "Jim Richardson" <warlock@eskimo.com> wrote in message
> news:lgm3t4-5il.ln1@dragon.myth...
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> On Sun, 30 Sep 2007 00:22:23 +0100,
>> dennis@home <dennis@killspam.kicks-ass.net> wrote:
>>
>>> Also it is probably possible to engineer an iso to have the correct checksum.
>>> It shouldn't be too hard as you have the source code for the checksum program so you can modify it to add padding to the iso somewhere to make the checksum anything you like. Unless you have mathematical proof this can't be done
>>
>> It's pretty obvious you have no clue on how the MD5 and SHA1 checksum process works.
>
> So as I asked is there a mathematical proof that you can only end up with one checksum for any set of data?
> If there is then no you can't fake one, if there isn't then you probably can.

You are confused (again).

The non-presence of a proof, does not mean that something is or is not possible. Basic logic.

> I have not claimed to be a mathematician so I don't know.
> Also it doesn't really matter as a social engineered hack doesn't need to fool everyone so even if owl is wise enough to check the checksums not everyone is.
>

not relevant to your original claims.

> There are an awful lot of people trying to put down perfectly good advice for some reason.

probably because it's not "perfectly good advice"

> It is enough to make you think they are trying to hide something.
> When did it become good practice to download stuff from sites posted by usenet users?
>

that's why you check the site out, and distrowatch checks out. It's not some flyby night wackjobs site, furthermore, distrowatch doesn't even offer the isos for download, they link to the official download sites.

--
Jim Richardson http://www.eskimo.com/~warlock
"We have to go forth and crush every world view that doesn't believe in tolerance and free speech," - David Brin
| |||
Re: Open Source Developers Shun Micoshaft Corporation

dennis@home wrote:
> Having done a quick check.
> Its pretty obvious that few people here know how md5 works.
>
> quote for wiki for those that think they know

You believe Wikipedia is some sort of "authority"? Typical Wintard.

> >>>>>>>>>>
> md5sum is a computer program which calculates and verifies MD5 hashes, as described in RFC 1321. The MD5 hash (or checksum)

MD5 hashes and checksums are two completely different things regardless of what some WikiTard decided to bang out on his keyboard some evening after a couple too many puffs on a doobie.

> functions as a compact digital fingerprint of a file. It is extremely unlikely that any two non-identical files will have the same MD5 hash (although it is certainly possible).

If you define "possible" as "spend the next trillion years or so working on it", then you have a point.

What you're talking about my clueless friend is "collisions". And even using MD5 it's impossible to craft usable data that produces the same hash value as existing usable data in any sort of time frame that could be regarded as anything but ridiculous. IOW, Wintard, it IS impossible.

> <<<<<<<<<<
>
> Note the bit about being possible.

Note the bit about you being so all around clueless you don't even know how to go to legitimate sources to FIND clues. <laugh>

> Now that is just from random files and not from an engineered attempt to make them the same.

You're so clue free you don't even realize that the "engineered" problem is a tougher one to solve. If you can use any random file of your choosing it's considerably easier to find two files that collide.

> As I said if someone has proof that it can't be done I am all ears.

There's hordes of proof out there. I suggest you start reading anything written by a fellow named Claude Shannon.

> As it stands I think it is quite possible to fake the md5 checksum and you are wrong.

It's not possible, and YOU are wrong.

> AFAICS it is easier to fake on large files like isos than on small files like these posts.

Even more clueless spew. It's actually harder in theory to find collisions among larger files.

> It looks like the algorithm gets less secure the larger the file to me but as I said I am not a mathematician.

You have it completely backwards, as usual.
| |||
Re: Open Source Developers Shun Micoshaft Corporation

Frank wrote:
> Stephan Rose wrote:
>
> > ...And if someone is an idiot enough to use some P2P software to download binaries and gets their system toasted as a result then they probably didn't deserve much better in the first place.
> >
> ---------------------------------------------------------------
>
> I thought that was exactly what dennis was referring to, right?
> Frank

There's numerous distributions that are solely available through P2P and "cloud" networks like bittorrent due to bandwidth issues, and many mainstream distributions disseminate that way in addition to the more "traditional" methods like HTTP and FTP. See torrent.ubuntu.com for an example, and a list of SHA1 "info" hash values.

It's every bit as safe to download your ISO's that way as it is to type www.mydistro.com/foo.bar.iso into a browser. You verify the resulting file with hashes or digital signatures either way, and you're golden.
| |||
Re: Open Source Developers Shun Micoshaft Corporation

dennis@home wrote:
>
> "Stephan Rose" <nospam@spammer.com> wrote in message
> news:prqdneuQOOnbJmLbnZ2dnUVZ8sbinZ2d@giganews.com ...
> > On Sun, 30 Sep 2007 15:04:00 +0100, dennis@home wrote:
> >
> >> "Jim Richardson" <warlock@eskimo.com> wrote in message
> >> news:lgm3t4-5il.ln1@dragon.myth...
> >>
> >>> It's pretty obvious you have no clue on how the MD5 and SHA1 checksum process works.
> >>
> >> Having done a quick check.
> >> Its pretty obvious that few people here know how md5 works.
> >>
> >> quote for wiki for those that think they know
> >>
> >> md5sum is a computer program which calculates and verifies MD5 hashes, as described in RFC 1321. The MD5 hash (or checksum) functions as a compact digital fingerprint of a file. It is extremely unlikely that any two non-identical files will have the same MD5 hash (although it is certainly possible).
> >>
> >> <<<<<<<<<<
> >>
> >> Note the bit about being possible.
> >> Now that is just from random files and not from an engineered attempt to make them the same.
> >> As I said if someone has proof that it can't be done I am all ears. As it stands I think it is quite possible to fake the md5 checksum and you are wrong.
> >> AFAICS it is easier to fake on large files like isos than on small files like these posts.
> >> It looks like the algorithm gets less secure the larger the file to me but as I said I am not a mathematician.
> >
> > Of course it's not impossible. The only thing that's impossible is for it to not be impossible.
> >
> > Any algorithm that has a fixed hash length has collisions. Simple reason being that if MD5 has 2^128 different hashes, then if one has (2^128)+1 datasets there has to be at least one collision as the number of datasets now exceeds the number of possible keys. So yes, it's possible.
> >
> > Thing is though is that the computational effort required to do so just makes it unfeasible. This is the same when you go trust a "HTTPS" website. The only thing really protecting your precious credit card data you just entered is the fact that decrypting it is computationally unfeasible without such a huge effort that the costs would be far greater than any possible gains.
>
> No it isn't the only thing protecting my card.
> To start with you have to intercept the data which is not easy.

ROTFLMAO!! You really are that stump stupid, aren't you? You actually believe this, don't you?? There's actually a trivial attack against SSL that not only involves intercepting that traffic but modifying it.

> Then you have to crack the key using the small amout of data you have.
> And it doesn't use md5 either as md5 has known faults that make it easier to attack using brute force.

Easier, yes. But still impractical, and therefore impossible in this scenario. It would take you far longer to "crack" an MD5 signature than the data you're "cracking" would be useful. By the time you managed to develop an evil copy of Fedora Core 7, Fedora would be up to Core 1,678,371,740.

> And you forget its Iwouldn't be trying to decode any encryption I would be trying to encode some data to make the same checksum. The

Not checksum, hash. Two different things.

> two tasks are by no means the same. All I have to do is end up with a

In fact they are nearly identical because the best known attack for either is a brute force attack.

> file the same size and same checksum while only changing a few files that the user is unlikely to use, lets say the drivers for some obscure hardware, probably a few tens of megabytes to play with.

Can't be done. Not even against MD5.

> > impact. You don't actually believe that someone can could put up a malicious LiveCD without *someone* noticing and it being announced all over the news right?
>
> Yes I do think it is quite possible.

Yes, but you think Wikipedia is a source of accurate and useful information too. <laugh>

> When was the last time you checked the contents of a cd other than the checksum?

Today. About an hour ago.

> > And honestly, who the hell would download a operating system from a P2P file sharing program? Anyone in their right mind that wants to download an OS is going to go to the OS' website, inform themselves about the OS and then download it if they want to from there.
>
> At least one person here that says it can't happen has said they do so I guess you know at least one.

There's nothing wrong with downloading your ISO's via bittorrent or the like. The hash/signature is verifiable regardless. The method of distribution is irrelevant.

> > And if someone is an idiot enough to use some P2P software to download binaries and gets their system toasted as a result then they probably didn't deserve much better in the first place.
>
> Their system probably wouldn't be toasted.. it would sit there controlling bots sending spam to you and I and they would be oblivious.

Like your average Wintard, then... :)
| |||
Re: Open Source Developers Shun Micoshaft Corporation

["Followup-To:" header set to comp.os.linux.advocacy.]

On Sun, 30 Sep 2007 10:39:24 +0100, dennis@home <dennis@killspam.kicks-ass.net> wrote:
> You can't even grasp the concept of changing an isos content to match a checksum using the source code of the checksum program to make the fake data needed.

Doing that is actually very difficult if the "checksum" is carefully constructed. The MD5 hash that is typically used for this is an example of such a carefully constructed checksum. It was originally developed for doing secure digital signatures. So even though the algorithm is well-known, changing a file and keeping the MD5 sum the same is very, very, difficult if not impossible.

Note that MD5 has been shown to be vulnerable to a "collision attack" that allows the creation of two files with the same hash, but you can't pick the hash in advance. So that attack is not helpful in the case where the attacker controls only one of the checksums, as would be the case where he is trying to substitute an "evil" ISO for a "good" one made by someone else.

Basically, it is not as simple to fake MD5 sums as you appear to think it is. See here for more info: <http://userpages.umbc.edu/~mabzug1/cs/md5/md5.html>

--
-| Bob Hauck
-| "Reality has a well-known liberal bias." -- Stephen Colbert
-| http://www.haucks.org/
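
The distinction drawn in the post above (a collision attack yields two files with the same hash, but cannot match a hash somebody else already published), together with the pigeonhole argument made earlier in the thread, as an added example that is not part of any post. MD5 is truncated to a few bits here purely so that both searches finish in seconds; the function names and message strings are constructed for the illustration.

```python
import hashlib
import itertools


def truncated_md5(data: bytes, bits: int) -> int:
    """Top `bits` bits of MD5(data) as an integer.

    Truncation is a constructed weakening so the searches below terminate
    quickly; the real MD5 digest is 128 bits wide.
    """
    return int.from_bytes(hashlib.md5(data).digest(), "big") >> (128 - bits)


def find_collision(bits: int, prefix: bytes):
    """Collision: ANY two different messages with the same hash.

    The searcher chooses both messages, so the birthday bound applies
    (about 2**(bits/2) tries on average). The pigeonhole principle
    guarantees a hit within 2**bits + 1 tries.
    Returns (first_message, second_message, tries).
    """
    seen = {}
    for tries in itertools.count(1):
        msg = prefix + str(tries).encode()
        h = truncated_md5(msg, bits)
        if h in seen:
            return seen[h], msg, tries
        seen[h] = msg


def find_second_preimage(published: bytes, bits: int, prefix: bytes):
    """Second preimage: a different message whose hash equals the hash of a
    message someone else already published (the ISO substitution case).

    The target hash is fixed in advance, so brute force needs about
    2**bits tries on average. Returns (message, tries).
    """
    target = truncated_md5(published, bits)
    for tries in itertools.count(1):
        msg = prefix + str(tries).encode()
        if msg != published and truncated_md5(msg, bits) == target:
            return msg, tries


def compare_costs(bits: int = 16, trials: int = 8):
    """Average number of tries for each search over independent trials.

    Returns (average_collision_tries, average_second_preimage_tries).
    """
    collision_total = 0
    preimage_total = 0
    for t in range(trials):
        # Constructed inputs: a different message family for every trial.
        _, _, c = find_collision(bits, b"trial-%d-msg-" % t)
        _, p = find_second_preimage(
            b"published-image-%d" % t, bits, b"trial-%d-candidate-" % t
        )
        collision_total += c
        preimage_total += p
    return collision_total / trials, preimage_total / trials


if __name__ == "__main__":
    for bits in (12, 16, 20):
        c, p = compare_costs(bits, trials=4)
        print(f"{bits:2d}-bit hash: collision ~{c:,.0f} tries, "
              f"second preimage ~{p:,.0f} tries")
```
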