SecurityFocus

MD5 To Be Considered Harmful Someday Dec 06 2004 11:29PM
Dan Kaminsky (dan doxpara com) (3 replies)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 01:46AM
Joel Maslak (jmaslak antelope net) (2 replies)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 09:19PM
Jack Lloyd (lloyd randombit net)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 08:43PM
Jack Lloyd (lloyd randombit net)

MD5 To Be Considered Harmful Today Dec 08 2004 01:39AM
Pavel Machek (pavel ucw cz) (1 replies)

Re: MD5 To Be Considered Harmful Today Dec 08 2004 10:23PM
Dan Kaminsky (dan doxpara com) (1 replies)

Re: MD5 To Be Considered Harmful Today Dec 08 2004 10:40PM
Pavel Machek (pavel ucw cz) (1 replies)

Re: MD5 To Be Considered Harmful Today Dec 08 2004 10:36PM
Dan Kaminsky (dan doxpara com)

Re: MD5 To Be Considered Harmful Someday Dec 07 2004 10:54PM
Gandalf The White (gandalf digital net) (4 replies)

RE: MD5 To Be Considered Harmful Someday Dec 08 2004 04:01AM
David Schwartz (davids webmaster com) (2 replies)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 09:30PM
George Georgalis (george galis org) (1 replies)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 09:44PM
Dan Kaminsky (dan doxpara com)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 04:36AM
Gandalf The White (gandalf digital net) (3 replies)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 09:44PM
Keith Oxenrider (koxenrider sol-biotech com)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 09:17PM
Solar Designer (solar openwall com) (1 replies)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 10:03PM
Dan Kaminsky (dan doxpara com) (2 replies)

Re: MD5 To Be Considered Harmful Someday Dec 11 2004 07:26PM
Solar Designer (solar openwall com)

Re: MD5 To Be Considered Harmful Someday Dec 09 2004 01:47AM
Pavel Kankovsky (peak argo troja mff cuni cz)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 08:48PM
Paul Wouters (paul xtdnet nl) (2 replies)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 11:23PM
Adam Shostack (adam homeport org)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 08:52PM
Dan Kaminsky (dan doxpara com) (1 replies)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 09:05PM
Paul Wouters (paul xtdnet nl)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 01:51AM
Joel Maslak (jmaslak antelope net) (1 replies)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 07:22PM
Steve Friedl (steve unixwiz net)

On Tue, Dec 07, 2004 at 06:51:48PM -0700, Joel Maslak wrote:
> That can be a problem. It breaks non-repudiation - someone could create
> such a "swappable" contract and go to court and say "Yes, that's a valid
> signature, but I really signed *THIS* document which just happens to have
> an identical signature." Of course if I was called upon to testify, I
> would respond, "Yes, but it is clear this contract was written with the
> intent to defraud us, as to get this property, it has to be constructed in
> a very specific mind with this fraud in mind at time of contract
> origination..."

Bruce Schneier has long suggested that when signing a document made by
others, make some cosmetic changes to break any precomputed hash that
the creator might have in store for you.

Also: those who are not fully up to speed on the details of crypto hashes
might find my Tech Tip helpful:

An Illustrated Guide to Cryptographic Hashes
http://www.unixwiz.net/techtips/iguide-crypto-hashes.html

Steve

--
Stephen J Friedl | Security Consultant | UNIX Wizard | +1 714 544-6561
www.unixwiz.net | Tustin, Calif. USA | Microsoft MVP | steve (at) unixwiz (dot) net [email concealed]

[ reply ]

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 12:13AM
Tim (tim-security sentinelchicken org) (2 replies)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 09:35PM
Dragos Ruiu (dr kyx net)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 06:52PM
David F. Skoll (dfs roaringpenguin com)

Re: MD5 To Be Considered Harmful Someday Dec 05 2004 11:04PM
Ruth A. Kramer (rhkramer fast net)