Posted by kecoak on Jan 2, 2009
Post a Comment
MD5 Collision attack stories
Categories: Vulnerabilities | 1 comment
Mumpung masih hangat mengenai MD5 collision attack, ada satu referensi yang cukup simple namun sangat membantu untuk memahami apa efek dari keberhasilan serangan MD5 collision ini. Cerita lengkapnya bisa didapatkan dari sini.
Dari cerita tersebut, kita bisa melihat ada 2 buah surat yang isinya berbeda namun memiliki hash MD5 yang sama persis:
Isi dari: Letter_of_rec.ps
Julius. Caesar
Via Appia 1
Rome, The Roman Empire
May, 22, 2005
To Whom it May Concern:
Alice Falbala fulfilled all the requirements of the Roman Empire
intern position. She was excellent at translating roman into her gaul
native language, learned very rapidly, and worked with considerable
independence and confidence.
Her basic work habits such as punctuality, interpersonal deportment,
communication skills, and completing assigned and self-determined
goals were all excellent.
I recommend Alice for challenging positions in which creativity,
reliability, and language skills are required.
I highly recommend hiring her. If you’d like to discuss her attributes
in more detail, please don’t hesitate to contact me.
Sincerely,
Julius Caesar
Isi dari: order.ps.eps
Julius. Caesar
Via Appia 1
Rome, The Roman Empire
May, 22, 2005
Order:
Alice Falbala is given full access to all confidential and secret
information about GAUL.
Sincerely,
Julius Caesar
Teori dasar dari mekanisme hash adalah tidak mungkin 2 binary yang berbeda walaupun perbedaannya hanya 1 bit memiliki hash yang sama. Let’s see hasil dari kedua file diatas:
$ md5 letter_of_rec.ps.eps
MD5 (letter_of_rec.ps.eps) = a25f7f0b29ee0b3968c860738533a4b9
$ md5 order.ps.eps
MD5 (order.ps.eps) = a25f7f0b29ee0b3968c860738533a4b9
Kedua file yang telah dimodifikasi tsb bisa didapatkan dari sini dan sini.
One Response to “MD5 Collision attack stories”
Leave a Reply
http://g0oglehack.blogspot.com