Askemos 2000 (Archive)
home · features · download · archive

MD5

"Message Digest 5" is an often used cryptographic check sum.

I has been found vulnerable: http://developers.slashdot.org/article.pl?sid=04/12/07/2019244 and is effectively dead since it has been possible to create two meaningful documents of entirely different content, which produce an identical md5 has value.

It's possible to actually exploit (german) that vulnerability:

http://www.win.tue.nl/~bdeweger/CollidingCertificates/

http://it.slashdot.org/article.pl?sid=05/11/15/2037232

collision soure code http://www.stachliu.com.nyud.net:8090/collisions.html made it possible to create arbitrary X.509 (SSL) certificates see Heise (german).

Vulnerability of software integrity and code signing applications to chosen-prefix collisions for MD5 'For abusing a chosen-prefix collision on a software integrity protection or a code signing scheme, the attacker should be able to manipulate the files before they are being hashed and/or signed. This may mean that the attacker needs insider access to the party operating the trusted software integrity protection or code signing process.' - Which is clearly not the case in Askemos implementations.





border
last modification: Mon, 03 Dec 2007 10:27:21 +0100
authors: jfw,
document identifier: A849640f672ed0df0958abc0712110f3c
delivered to public at Mon, 28 Jul 2014 10:16:24 +0200
short comments


rss

pdf :: context view

search



24 Apr 2004 DefineInsecureMode
12 Dez 2010 FreeBSD
07 Dez 2010 BALLFeatures
05 Dez 2010 ByzantineAgreement
04 Dez 2010 SQLITE
03 Dez 2010 SRS
12 Okt 2010 WebDAV
12 Sep 2010 SQL
16 Jun 2010 BALL
16 Jun 2010 CouchDB
16 Jun 2010 AskemosServer
07 Mai 2010 SystemRequirements
30 Mar 2010 ProjectsOnThePlate
30 Mar 2010 AskemosResources
30 Mar 2010 RSchemeInstall
30 Mar 2010 INSTALL
30 Mar 2010 ChickenScheme
debug-access.scm
27 Nov 2009 subscriber
development
12 Jul 2009 test
01 Jul 2009 TrustCenter
27 Dez 2008 JKomG
26 Dez 2008 FanOut
26 Dez 2008 MIME
NetBSD
NOTE
02 Mai 2006 AskemosTopMenu
18 Nov 2008 StorageAdaptor
18 Nov 2008 PStoreStorageAdapt
18 Nov 2008 OperationTips
15 Nov 2008 PCRE
04 Nov 2008 ProgrammingLanguag
09 Sep 2008 RelatedProjects
23 Jul 2008 ModuleStructure05
17 Jun 2008 NEWS
17 Jun 2008 HTML
17 Jun 2008 ACM
22 Mai 2008 HTTP
22 Mai 2008 BOSH
10 Mai 2008 AskemosBibliograph
10 Mai 2008 JerrysDreamAbstrac
20 Apr 2008 XSLT
11 Mar 2008 CodingStyle
10 Mar 2008
09 Mar 2008 MIMEConverter
BSD
07 Mar 2008 XML
06 Mar 2008 SRFI
01 Mar 2008 RFC4810
01 Mar 2008 RFC4998






Add


home · features · download · archive