P
Peter Köhlmann
Guest
Re: Open Source Developers Shun Micoshaft Corporation
dennis@home wrote:
>
> "Nomen Nescio" <nobody@dizum.com> wrote in message
> news:e40ea554b3a5d55c21556be548cd8344@dizum.com...
>
>>> As I see it ATM it is possible to create a file with a different bit
>>> and make it checksum correctly
>>
>> No it is not. That would require MD5 to be vulnerable to preimage
>> attacks, which it is not.
>
> You don't understand the problem.
> You have a fixation with preimage attacks which is not what is required.
> To quote from the document
>
>>>>>>>
>
> Q: How might an attacker exploit a collision attack?
> A: To exploit a collision attack, an adversary would typically begin by
> constructing two messages with the same hash where one message appears
> legitimate or innocuous. For example, suppose the attacker (Charlie)
> discovers that the message "I, Bob, agree to pay Charlie $ 5000.00 on
> 4/12/2005." has the same hash as "I, Bob, agree to pay Charlie
> $18542841.54 on 9/27/2012." Charlie could then try to get Bob (the victim)
> to digitally sign the first message (e.g., by purchasing $5000 of goods).
> Charlie would then claim that Bob actually signed the second message, and
> "prove" this assertion by showing that Bob's signature matches the second
> message.
>
> <<<<<<<<
>
> It is a collison attack to change bits of an iso to make it contain
> malicious code.
> It is *not* a preimage attack.
>
> Now do you have that clear?
>
> All the evidence so far says I am correct but I may not have enough CPU
> power, yet!
>
> I hope you are happy with all this fear and doubt your false accusations
> are causing.
As with collision attacks you don't get to control the MD5 hash, you are
completely, totally wrong.
With "collision attacks" you can get 2 files/messages/texts which compute to
the same MD5 hash. Your problem is that you can't control the MD5.
Now with an ISO which already has a predefined MD5 hash code, you can no
longer control that code, and you can't generate a string of bytes to
generate the same hash. For that to do you need "pre-image attack", but
that is what you don't have. And no amount of computing power would save
you
This has been explained to you several times by now, and you are still
unable to acknowledge that you are a typical, idiotic Vista luser
It is entirely your problem if you are too stupid to understand rather
simple explanations
--
Support your local Search and Rescue unit -- get lost.
dennis@home wrote:
>
> "Nomen Nescio" <nobody@dizum.com> wrote in message
> news:e40ea554b3a5d55c21556be548cd8344@dizum.com...
>
>>> As I see it ATM it is possible to create a file with a different bit
>>> and make it checksum correctly
>>
>> No it is not. That would require MD5 to be vulnerable to preimage
>> attacks, which it is not.
>
> You don't understand the problem.
> You have a fixation with preimage attacks which is not what is required.
> To quote from the document
>
>>>>>>>
>
> Q: How might an attacker exploit a collision attack?
> A: To exploit a collision attack, an adversary would typically begin by
> constructing two messages with the same hash where one message appears
> legitimate or innocuous. For example, suppose the attacker (Charlie)
> discovers that the message "I, Bob, agree to pay Charlie $ 5000.00 on
> 4/12/2005." has the same hash as "I, Bob, agree to pay Charlie
> $18542841.54 on 9/27/2012." Charlie could then try to get Bob (the victim)
> to digitally sign the first message (e.g., by purchasing $5000 of goods).
> Charlie would then claim that Bob actually signed the second message, and
> "prove" this assertion by showing that Bob's signature matches the second
> message.
>
> <<<<<<<<
>
> It is a collison attack to change bits of an iso to make it contain
> malicious code.
> It is *not* a preimage attack.
>
> Now do you have that clear?
>
> All the evidence so far says I am correct but I may not have enough CPU
> power, yet!
>
> I hope you are happy with all this fear and doubt your false accusations
> are causing.
As with collision attacks you don't get to control the MD5 hash, you are
completely, totally wrong.
With "collision attacks" you can get 2 files/messages/texts which compute to
the same MD5 hash. Your problem is that you can't control the MD5.
Now with an ISO which already has a predefined MD5 hash code, you can no
longer control that code, and you can't generate a string of bytes to
generate the same hash. For that to do you need "pre-image attack", but
that is what you don't have. And no amount of computing power would save
you
This has been explained to you several times by now, and you are still
unable to acknowledge that you are a typical, idiotic Vista luser
It is entirely your problem if you are too stupid to understand rather
simple explanations
--
Support your local Search and Rescue unit -- get lost.