TechTalkz.com Technology & Computer Troubleshooting Forums - View Single Post

anniepoo · 27-01-2007, 04:30 PM

The MD5 calculator can indeed be tricked, but not 'with a little work'.
What ZyanWu is suggesting is notionally something like this

real file:

------ some innocent code-----

Trojan:
------ Destructive code ------ some garbage that makes the MD5 come out right----

The problem is computing the value of the garbage. This is the same problem as the problem of taking the public PGP key and a file encoded with it and extracting the private key.
A proof exists that the quickest way to compute this is to try all the private keys one at a time. For a 128 bit key, you can do this, if you have a warehouse full of supercomputers sitting around idle.

There is a controversy about MD5 - somebody finally found a way to do it with some faster (but still slow) method.
MD5 - Wikipedia, the free encyclopedia
So it's no longer secure.

so this algorithm is not preferred these days, SHA-5 is preferred.
But it definitely was NOT 'a little work' to come up with.

Oops... brain getting old and crudded up. Meant SHA-2, not SHA-5
(SHA-1 has been compromised). SHA-1 is the basis of PGP.
Yes, that means PGP is compromised (which I didn't know - thanks, guys!)

If you reaaallly need security, I'm afraid you'll have to use one time pad.
Please be careful using that from the US, that's a good way to get a visit to Guantanamo.

P.G.P. words: L. Fish
(c)12/18/93
tune: ditto

The G-men all are cryin'
And tearin' out their hair,
'Cause there's a new cryptography
That's shown up everywhere.
Nobody can break it,
However good they be.
Everybody's PC got the PGP.

It guarantees who's callin'
And just who gets the call.
If you ain't got your code-word,
You can't get in at all.
Oh, there ain't nothin' like it
To keep your privacy.
Half the world's computers got the PGP.

There's not a way to crack it,
Not in a hundred years.
All the spooks & wiretappers
Are cryin' in their beers.
They can't spy on E-mail
Here or oversea
When every home computer's got the PGP.

Bless the man who made it,
And pray that he ain't dead.
He could've made a million
If he'd sold it to the feds,
But he was hot for freedom;
He gave it out for free.
Now every common citizen's got PGP.

So go say what you want to,
Of love or war or hate,
Kinky sex, or dirty words,
Or overthrow the state.
Nobody can stop you.
Speech is really free
When everybody's PC got the PGP.

27-01-2007, 04:30 PM	#12
anniepoo Junior Member (25+) Join Date: Oct 2006 Posts: 48 Thanks: 20 Thanked 5 Times in 4 Posts Rep Power: 0	The MD5 calculator can indeed be tricked, but not 'with a little work'. What ZyanWu is suggesting is notionally something like this real file: ------ some innocent code----- Trojan: ------ Destructive code ------ some garbage that makes the MD5 come out right---- The problem is computing the value of the garbage. This is the same problem as the problem of taking the public PGP key and a file encoded with it and extracting the private key. A proof exists that the quickest way to compute this is to try all the private keys one at a time. For a 128 bit key, you can do this, if you have a warehouse full of supercomputers sitting around idle. There is a controversy about MD5 - somebody finally found a way to do it with some faster (but still slow) method. MD5 - Wikipedia, the free encyclopedia So it's no longer secure. so this algorithm is not preferred these days, SHA-5 is preferred. But it definitely was NOT 'a little work' to come up with. Oops... brain getting old and crudded up. Meant SHA-2, not SHA-5 (SHA-1 has been compromised). SHA-1 is the basis of PGP. Yes, that means PGP is compromised (which I didn't know - thanks, guys!) If you reaaallly need security, I'm afraid you'll have to use one time pad. Please be careful using that from the US, that's a good way to get a visit to Guantanamo. P.G.P. words: L. Fish (c)12/18/93 tune: ditto The G-men all are cryin' And tearin' out their hair, 'Cause there's a new cryptography That's shown up everywhere. Nobody can break it, However good they be. Everybody's PC got the PGP. It guarantees who's callin' And just who gets the call. If you ain't got your code-word, You can't get in at all. Oh, there ain't nothin' like it To keep your privacy. Half the world's computers got the PGP. There's not a way to crack it, Not in a hundred years. All the spooks & wiretappers Are cryin' in their beers. They can't spy on E-mail Here or oversea When every home computer's got the PGP. Bless the man who made it, And pray that he ain't dead. He could've made a million If he'd sold it to the feds, But he was hot for freedom; He gave it out for free. Now every common citizen's got PGP. So go say what you want to, Of love or war or hate, Kinky sex, or dirty words, Or overthrow the state. Nobody can stop you. Speech is really free When everybody's PC got the PGP. Last edited by bakuryu; 27-01-2007 at 04:48 PM.