undefined | Better HN

0 pointshatsunearu10y ago0 comments

What? Pretty sure you're wrong.

Yes, MD5 preimage resistance is not broken (to a reasonable degree).

If you have the Ubuntu 16.04 ISO (you do), and if you have its hash, the attack to craft a different ISO with the same hash is a collision attack.

A preimage attack is if you had some hash y where y=H(x) where x is some file/whatever, and trying to find out possible values of u that give rise to y when you do H(u), without the knowledge of x.

0 comments

3 comments · 1 top-level

avar10y ago· 2 in thread

No. What you're describing is just a subset of preimage attacks.

Not having knowledge of x is just one type of preimage attack, a "preimage resistance". You can also know x, then it's a "second-preimage resistance".[1]

Which is not the same as a collision attack. Where you're trying to find x and y such that h(x) = h(y) without anyone specifying x or y in advance.

By definition a collision attack is an attack where you specifically craft both x and y such that they exploit weaknesses in the algorithm.

It's not enough to know an arbitrary x or y that someone else has made, because that value isn't going to be exploiting the weakness.

1. https://en.wikipedia.org/wiki/Preimage_attack

hatsunearuOP10y ago

yeah, you're right. my bad.

mceachen10y ago

(how many sites on the internet have a discussion where people are both patient and civil with each other, and the discussion results in mutual understanding?)

1 more reply

j / k navigate · click thread line to collapse