|
|
BugTraq
MD5 To Be Considered Harmful Someday Dec 06 2004 11:29PM Dan Kaminsky (dan doxpara com) (3 replies) Re: MD5 To Be Considered Harmful Someday Dec 08 2004 01:46AM Joel Maslak (jmaslak antelope net) (2 replies) MD5 To Be Considered Harmful Today Dec 08 2004 01:39AM Pavel Machek (pavel ucw cz) (1 replies) Re: MD5 To Be Considered Harmful Today Dec 08 2004 10:23PM Dan Kaminsky (dan doxpara com) (1 replies) Re: MD5 To Be Considered Harmful Someday Dec 07 2004 10:54PM Gandalf The White (gandalf digital net) (4 replies) RE: MD5 To Be Considered Harmful Someday Dec 08 2004 04:01AM David Schwartz (davids webmaster com) (2 replies) Re: MD5 To Be Considered Harmful Someday Dec 08 2004 09:30PM George Georgalis (george galis org) (1 replies) Re: MD5 To Be Considered Harmful Someday Dec 08 2004 04:36AM Gandalf The White (gandalf digital net) (3 replies) Re: MD5 To Be Considered Harmful Someday Dec 08 2004 09:44PM Keith Oxenrider (koxenrider sol-biotech com) Re: MD5 To Be Considered Harmful Someday Dec 08 2004 09:17PM Solar Designer (solar openwall com) (1 replies) Re: MD5 To Be Considered Harmful Someday Dec 08 2004 10:03PM Dan Kaminsky (dan doxpara com) (2 replies) Re: MD5 To Be Considered Harmful Someday Dec 09 2004 01:47AM Pavel Kankovsky (peak argo troja mff cuni cz) Re: MD5 To Be Considered Harmful Someday Dec 08 2004 08:48PM Paul Wouters (paul xtdnet nl) (2 replies) Re: MD5 To Be Considered Harmful Someday Dec 08 2004 08:52PM Dan Kaminsky (dan doxpara com) (1 replies) Re: MD5 To Be Considered Harmful Someday Dec 08 2004 01:51AM Joel Maslak (jmaslak antelope net) (1 replies) Re: MD5 To Be Considered Harmful Someday Dec 08 2004 12:13AM Tim (tim-security sentinelchicken org) (2 replies) Re: MD5 To Be Considered Harmful Someday Dec 08 2004 06:52PM David F. Skoll (dfs roaringpenguin com) |
|
Privacy Statement |
> >:~/misc/md5$ cat msg1
> >I agree to sell you my horse ^Fita^, its saddle and harness for price
> >14000 dollars. Signed Bara
> >
> >
> >
> Except you can't do this, since the appended data needs to be identical
> between the two files. That's why I used the encrypted payload -- it
> ties the semantic meaning of the embedded commands to posession of
> vec1's series of bits, which is of course what a cipher is meant to do.
>
> Your payloads differ but the above line is incorrect. Your actual
> appended files:
>
> $ cat msg1
> [terminal garbage]I agree to sell you my horse ^Fita^, its saddle and
> harness for price 1 000 dollars. Signed Bara
>
> $ cat msg2
> [slightly different terminal garbage]I agree to sell you my horse
> ^Fita^, its saddle and harness for price 1 000 dollars. Signed Bara
Actually, no, it is not. Try catting it on linux console. It takes
the garbage, overwrites it with ^Hs, then writes ... "its saddle and
harness for price 1", then shifts cursor right (over 4 or `,
depending on first block), then continues with "000 dollars".
My trick does *not* work in Gnome Terminal (I've just verified
it). You need actuall linux console, press ctrl-alt-F1 on most distros
to get to one... but if you tell me what terminal you use, I can
probably create terminal sequence that works there...
Pavel
--
People were complaining that M$ turns users into beta-testers...
...jr ghea gurz vagb qrirybcref, naq gurl frrz gb yvxr vg gung jnl!
[ reply ]