[3857] in cryptography@c2.net mail archive


Re: MD5

daemon@ATHENA.MIT.EDU (Ben Laurie)
Sat Dec 26 12:57:30 1998

Date: Sat, 26 Dec 1998 17:36:42 +0000
From: Ben Laurie <ben@algroup.co.uk>
To: Eric Murray <ericm@lne.com>
Cc: Andrew Maslar <amaslar@home.com>, Cryptography List <cryptography@c2.net>

Eric Murray wrote:
> 
> On Fri, Dec 25, 1998 at 11:37:03AM -0500, Andrew Maslar wrote:
> > Hello all.
> >
> > I'm new to the list; hope I can be helpful some day.
> > But first a question:
> >
> > I'm toying around with various protocols for key exchange, and I wonder,
> > if an attacker intercepted the result of the following operation:
> >
> > md5(x) + md5(x + y + z)
> >
> > (the +'s mean concatenation)
> >
> > and the attacker already knew:
> >
> > 1. the nature of the operation
> > 2. x
> > 3. z
> >
> > Could s/he compute y?
> 
> You really want to ask "how hard would it be for an attacker
> to compute y?". It's always possible, it's just a question
> of being practical (or more properly, cost-effective for
> the attacker).

Surely in the case of MD5 (or any other hash) the question is "how hard
would it be for an attacker to compute a value that gives the same
result as y?". Of course, y is one candidate, but generally there are an
infinity of them, right?

Cheers,

Ben.

-- 
Ben Laurie            |Phone: +44 (181) 735 0686| Apache Group member
Freelance Consultant  |Fax:   +44 (181) 735 0689|http://www.apache.org/
and Technical Director|Email: ben@algroup.co.uk |
A.L. Digital Ltd,     |Apache-SSL author     http://www.apache-ssl.org/
London, England.      |"Apache: TDG" http://www.ora.com/catalog/apache/
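
An added example, not part of the original messages, of the construction discussed in the thread: with x and z known, md5(x) is recomputable and any candidate for y can be checked against the second half. The sample values, the 3-letter y and the 8-bit truncation (a small-scale stand-in for a hash mapping many inputs to one output) are assumptions chosen so the search finishes quickly.

```python
import hashlib
from itertools import product
from string import ascii_lowercase

def token(x: bytes, y: bytes, z: bytes) -> bytes:
    """md5(x) + md5(x + y + z), with + as concatenation, as in the question."""
    return hashlib.md5(x).digest() + hashlib.md5(x + y + z).digest()

def matching_values(tok: bytes, x: bytes, z: bytes, length: int, bits: int = 128):
    """All lowercase strings of `length` whose md5(x + y' + z) agrees with the
    second half of `tok` in its leading `bits` bits."""
    # The first half is md5(x), which anyone who knows x can recompute,
    # so it tells the observer nothing new.
    if tok[:16] != hashlib.md5(x).digest():
        raise ValueError("first half is not md5(x)")
    shift = 128 - bits
    target = int.from_bytes(tok[16:], "big") >> shift
    found = []
    for letters in product(ascii_lowercase.encode(), repeat=length):
        guess = bytes(letters)
        digest = hashlib.md5(x + guess + z).digest()
        if int.from_bytes(digest, "big") >> shift == target:
            found.append(guess)
    return found

# Constructed sample values, not taken from the thread.
X, Y, Z = b"alice", b"key", b"nonce-1998"
TOKEN = token(X, Y, Z)

if __name__ == "__main__":
    # Full 128-bit comparison over 26**3 candidates: only y itself matches.
    print(matching_values(TOKEN, X, Z, 3))
    # Comparing only 8 bits: many different values give "the same result".
    print(len(matching_values(TOKEN, X, Z, 3, bits=8)))
```

With the full digest the search space here is small enough that y is the only match; with the comparison narrowed to 8 bits, y is just one of many values that produce the same result.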

