Date: Tue, 5 Aug 2014 14:38:05 +1000
From: Michael Samuel <mik@...net.net>
To: oss-security@...ts.openwall.com
Subject: Re: Re: Possible CVE request: subversion MD5 collision
 authentication leak

On 5 August 2014 08:32, Ben Reser <ben@...er.org> wrote:
> I think your understanding of the current state of MD5 collision attacks is out
> of date.  Chosen prefix attacks are possible.  See:
> http://www.win.tue.nl/hashclash/ChosenPrefixCollisions/
>
> The MD5 hash is created off the data in the following format:
> <$URL> $REALM
>
> An attacker trying to take advantage of this only needs the $URL portion to
> match their server.  The $REALM can then be whatever data is required to make
> the MD5 hash match the system they are trying to attack.

Just to clarify - does the attacker have control of both $REALM parameters?

A chosen prefix collision still requires the attacker provide both
inputs (or at least the suffix to both inputs).

Regards,
  Michael
