Full Disclosure mailing list archives

Re: MD5 algorithm considered toxic (and harmful)


From: Paul Schmehl <pauls () utdallas edu>
Date: Sat, 01 Dec 2007 15:21:02 -0600

--On December 1, 2007 2:20:21 PM -0500 Tim 
<tim-security () sentinelchicken org> wrote:

>> because they perform risk-analysis:
>> - what are the threats to my assets?
>> - which role does MD5 play there?
>> - any subsequent risk then from using it?
>> - high priority risk? mitigating controls or risk acceptance?
>
> Don't kid yourself.  Very few businesses in my experience think about
> this stuff when they go to use a hash.  Most just use whatever hash
> they're used to using.  I rarely see clients actually sitting down and
> thinking about what the application of a given hash is and what the
> threats are in their specific case.
>
>> would you be so kind to show me a real-world attack against a VPN
>> using MD5 hashing? ...
>
> Assuming there are no real-world attacks against your particular VPN
> that uses MD5, does that make it safe for the rest of us in any given
> application?  A rather leading question IMO.

While I don't think it's time to panic, it's definitely time to begin 
moving to SHA-256 and stop using MD-5.  FreeBSD has already done so in its 
ports system, although you can still use MD-5 as well.  But far too many 
downloads still use MD-5 or **no checksum at all**, and that is a problem.

While collisions in MD-5 are now proven, what I've not seen yet is the 
ability to alter a legitimate file or tarball yet generate the same 
checksum.  It *is* theoretically possible, however, and the fact that 
collisions have been proven should be enough to begin abandoning its use 
IMO.

Paul Schmehl (pauls () utdallas edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
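The checksum advice in Paul's message (move downloads to SHA-256, treat MD5-only or missing checksums as a problem), worked through as an added example that is not part of the original post or of FreeBSD's own tooling: a small Python verifier for manifests written in the `ALGO (filename) = value` style that FreeBSD distinfo files use. Only the line format is borrowed from that convention; the strong/weak policy, the verdict strings, the function names and the sample bytes are this example's own assumptions.

```python
import hashlib
import re

# Added example (not from the original message or from FreeBSD). Policy for
# checksum manifests in the "ALGO (filename) = value" style of FreeBSD ports
# distinfo files: SHA-256/SHA-512 lines are authoritative, MD5/SHA-1 lines
# only earn a warning, and a file with no digest at all is reported as
# unverified. The grouping below is an assumption for this example.
STRONG = ("SHA256", "SHA512")
WEAK = ("MD5", "SHA1")

_LINE = re.compile(r"^(?P<algo>[A-Z0-9]+) \((?P<name>[^)]+)\) = (?P<value>\w+)$")


def parse_distinfo(text):
    """Return {filename: {ALGO: value}}; SIZE lines are kept as integers."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _LINE.match(line)
        if m is None:
            raise ValueError(f"unparseable distinfo line: {line!r}")
        algo, name, value = m["algo"], m["name"], m["value"]
        entry = entries.setdefault(name, {})
        entry[algo] = int(value) if algo == "SIZE" else value.lower()
    return entries


def make_distinfo(name, data, algos=("SHA256", "SIZE")):
    """Publisher side: emit manifest lines for one file (SHA256 + SIZE by default)."""
    lines = []
    for algo in algos:
        if algo == "SIZE":
            lines.append(f"SIZE ({name}) = {len(data)}")
        else:
            digest = hashlib.new(algo.lower(), data).hexdigest()
            lines.append(f"{algo} ({name}) = {digest}")
    return "\n".join(lines) + "\n"


def verify(data, expected):
    """Check one file's bytes against its manifest entry.

    Returns one of:
      'ok'         - every listed strong digest (and SIZE, if given) matches
      'weak-only'  - only MD5/SHA-1 digests were listed and they match
      'corrupt'    - some listed value does not match
      'unverified' - no digest listed at all
    """
    matched_strong = matched_weak = False
    for algo, value in expected.items():
        if algo == "SIZE":
            if len(data) != value:
                return "corrupt"
            continue
        if algo not in STRONG + WEAK:
            raise ValueError(f"unsupported digest {algo}")
        if hashlib.new(algo.lower(), data).hexdigest() != value:
            return "corrupt"
        if algo in STRONG:
            matched_strong = True
        else:
            matched_weak = True
    if matched_strong:
        return "ok"
    if matched_weak:
        return "weak-only"
    return "unverified"


def verify_distinfo(text, files):
    """Verify several files ({name: bytes}) against one manifest; returns {name: verdict}."""
    manifest = parse_distinfo(text)
    return {name: verify(data, manifest.get(name, {})) for name, data in files.items()}


if __name__ == "__main__":
    # Constructed sample: one "tarball" with a SHA256+SIZE manifest, one with an
    # MD5-only manifest, and one that appears in no manifest at all.
    good = b"constructed tarball bytes"
    manifest = make_distinfo("pkg-1.0.tar.gz", good)
    manifest += make_distinfo("legacy-0.9.tar.gz", b"old release", algos=("MD5",))
    files = {"pkg-1.0.tar.gz": good,
             "legacy-0.9.tar.gz": b"old release",
             "mystery.tar.gz": b"nobody published a checksum"}
    for name, verdict in verify_distinfo(manifest, files).items():
        print(f"{name}: {verdict}")
```

A matching MD5 line is downgraded to a warning rather than rejected outright: it still rules out accidental corruption in transit, which is most of what a download checksum catches, but after the published collision results it no longer rules out a deliberately prepared substitute, so it should not be the only digest a project ships. Real distinfo files also carry `SIZE` lines, which the parser keeps and the verifier checks as a cheap first filter.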