[Esip-preserve] On Earth Science Data File Uniqueness

Brian Duggan brian.duggan at nasa.gov
Wed Feb 16 10:44:53 EST 2011


On Wed, Feb 16, 2011 at 07:10:25AM -0600, Curt Tilmes wrote:
> On 02/15/11 08:29, Bruce Barkstrom wrote:
> > As a minor note, I believe both MD5 and SHA-1 are believed to be
> > "broken" (or "slightly flawed") cryptographic digests.  This means
> > that there might be some way for someone to forge IDs.  Don't know
> > that there have been any successful uses of the vulnerability - but
> > most cryptographers would probably think that was just a matter of
> > time.
> 
> Indeed --
> http://en.wikipedia.org/wiki/MD5#Security
> http://www.schneier.com/blog/archives/2005/02/sha1_broken.html
> 
> I haven't done a huge amount of research on those, but my
> understanding is that each of the published attacks compromises
> cryptographic uses like non-repudiation, since they allow a malicious
> agent to change the content in such a way that the digital signature
> is still the same.

They are collision attacks, not pre-image attacks.  An
agent/man-in-the-middle changing content without changing the hash
would be a pre-image attack.

<http://tools.ietf.org/html/rfc4270>

"2.1.  Currently Known Attacks

   All the currently known practical or almost-practical attacks on MD5
   and SHA-1 are collision attacks.  This is fortunate: significant
   first- and second-preimage attacks on a hash algorithm would be much
   more devastating in the real world than collision attacks, as
   described later in this document."

Brian
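
The collision versus pre-image distinction drawn in the message above, as an added example that is not part of the original post. `toy_hash` (SHA-256 truncated to 16 bits), the message strings and the sample "archived" bytes are constructed assumptions, chosen only so that both searches finish in a moment.

```python
import hashlib
from itertools import count

BITS = 16  # toy digest width, chosen so both searches finish quickly

def toy_hash(data: bytes, bits: int = BITS) -> int:
    """Top `bits` bits of SHA-256: a deliberately weak stand-in digest."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - bits)

def find_collision(bits: int = BITS):
    """Collision: the searcher is free to choose BOTH messages.
    Birthday bound: about 2**(bits/2) attempts."""
    seen = {}
    for tries in count(1):
        msg = b"free-%d" % tries
        digest = toy_hash(msg, bits)
        if digest in seen:
            return seen[digest], msg, tries
        seen[digest] = msg

def find_second_preimage(original: bytes, bits: int = BITS):
    """Second preimage: one message is FIXED (the archived file) and a
    different message with the same digest is needed: about 2**bits attempts."""
    want = toy_hash(original, bits)
    for tries in count(1):
        msg = b"altered-%d" % tries
        if msg != original and toy_hash(msg, bits) == want:
            return msg, tries

if __name__ == "__main__":
    a, b, n_coll = find_collision()
    archived = b"constructed sample: granule file contents"
    forged, n_pre = find_second_preimage(archived)
    print(f"collision after {n_coll} tries: {a!r} / {b!r}")
    print(f"second preimage after {n_pre} tries: {forged!r}")
```

For an n-bit digest the generic costs are about 2^(n/2) for a collision and 2^n for a second preimage, which is the gap the two attempt counts make visible.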



