Vista - Re: Open Source Developers Shun Micoshaft Corporation

10-01-2007

"Peter Köhlmann" <peter.koehlmann@xxxxxx-online.de> wrote in message
news:fdqfss$knj$02$1@xxxxxx-online.com...

Quote:

> /quote
> Q: What is a collision attack and a preimage attack?
> A: A preimage attack would enable someone to find an input message that
> causes a hash function to produce a particular output. In contrast, a
> collision attack finds two messages with the same hash, but the attacker
> can't pick what the hash will be. The attacks announced at CRYPTO 2004 are
> collision attacks, not preimage attacks.
> /unquote
>

So they cretae a file and get an md5 sum for that file.
Then they create a new file with defined data in part of it and then change
the other half to give the same checksum.
How is this different from what I want to do other than which bits of the
file are changed and which are left alone?
I may be being thick but in principle it does what I would need to do
AFAICS.

All your other stuff is just a smoke screen IMO.

Quote:

>
> See that part about "a hash function to produce a particular output",
> dennis? That is a preimage attack. You don't have that with MD5
>
> But that is what you would need to get data which matches a valid MD5Sum
>
> MD5 is vulnerable to "collision attacks", but then you can't pick the
> hash.
> In short, you can't control the output, thus making it impossible for you
> to generate a ISO with matching MD5. In short, MD5 is just fine to protect
> an ISO image against tampering

From reading the pdf I just don't see where it says that is true.
It states they take a file (data set) and changesome of it and generate the
rest to get the same checksum.
In principle they have hacked the file just as I would need to hack the iso.

Quote:

>
> *That* has been told to you gazillion times, and you still blubbered
> your "hacked MD5 generator to produce data" idiocy

The bit of evidence presented so far does not support your claims.

Quote:

>
> You are really a worthy windows user. Stupid beyond imagination. Your
> fellow
> Vista lusers will be proud of you

Present some evidence that what you say is true rather than evidence that
says it isn't.

10-01-2007	#1 (permalink)
dennis n/a posts	Re: Open Source Developers Shun Micoshaft Corporation "Peter Köhlmann" <peter.koehlmann@xxxxxx-online.de> wrote in message news:fdqfss$knj$02$1@xxxxxx-online.com... Quote: > /quote > Q: What is a collision attack and a preimage attack? > A: A preimage attack would enable someone to find an input message that > causes a hash function to produce a particular output. In contrast, a > collision attack finds two messages with the same hash, but the attacker > can't pick what the hash will be. The attacks announced at CRYPTO 2004 are > collision attacks, not preimage attacks. > /unquote > So they cretae a file and get an md5 sum for that file. Then they create a new file with defined data in part of it and then change the other half to give the same checksum. How is this different from what I want to do other than which bits of the file are changed and which are left alone? I may be being thick but in principle it does what I would need to do AFAICS. All your other stuff is just a smoke screen IMO. Quote: > > See that part about "a hash function to produce a particular output", > dennis? That is a preimage attack. You don't have that with MD5 > > But that is what you would need to get data which matches a valid MD5Sum > > MD5 is vulnerable to "collision attacks", but then you can't pick the > hash. > In short, you can't control the output, thus making it impossible for you > to generate a ISO with matching MD5. In short, MD5 is just fine to protect > an ISO image against tampering From reading the pdf I just don't see where it says that is true. It states they take a file (data set) and changesome of it and generate the rest to get the same checksum. In principle they have hacked the file just as I would need to hack the iso. Quote: > > That has been told to you gazillion times, and you still blubbered > your "hacked MD5 generator to produce data" idiocy The bit of evidence presented so far does not support your claims. Quote: > > You are really a worthy windows user. Stupid beyond imagination. Your > fellow > Vista lusers will be proud of you Present some evidence that what you say is true rather than evidence that says it isn't.
My System Specs

Similar Threads
Thread	Forum
Re: Open Source	Vista General
Open Source	Vista General
Open Source?	Live Messenger
Dear Stevie "Developers, Developers, Developers!" Ballmer.....	Vista General
WMP Icon-Open request to developers!!!!!-URGENT	Vista General