* Török Edwin wrote:
> On 05/25/2010 08:21 PM, Nathan Gibbs wrote:
>> The question isn't, why was this created?
>
> For hash collisions it matters how it was created. A lot.
> If you create two files A and B with the same hash, that is a hash
> collision.

Right.

> If you have a file A, and want to create another file B that is called a
> preimage attack, and that is *significantly* harder to do than a mere
> hash collision. And I don't just mean orders of magnitude harder, but
> usually N^2 harder.
>
> Google for 'birthday paradox' and cryptography to see why a collision is
> easier than a preimage attack.
>

Ah, very enlightening. To build an arbitrary collision is trivial, but to build a collision with a known hash is harder. What I've been suggesting is a preimage attack. Not impossible, just very difficult.

>> The question is, is this file a virus?
>>
>> Until we have a loaded & clean file that are the same size and have the same
>> MD5 checksum, this discussion is just theoretical.
>>
>> We need the test case outlined above to "blow up" the current Engine. Until
>> someone builds it, this won't get fixed. I sincerely hope the "good guys"
>> build it first.
>

But someone will build this. As time goes on, the difficulty of a preimage attack will decrease. Remember, at one point MD5 collisions were considered impossible. When a preimage becomes as trivial as a collision attack, the ClamAV Engine will be worthless.

> Well I guess we could have a switch so you can turn off caching if you
> want to be paranoid.
>

Paranoia aside, that would be a great idea, regardless of what hashing algorithm is in use. For instance, say you used sha512, and somebody broke it tomorrow. And I don't mean broke it like MD5, I mean decimated it. We could all pull that switch as a workaround until you guys got a secure algorithm in place. The user base would be covered, and you guys wouldn't have as much pressure to hurry up and get a new release out the door yesterday.

--
Sincerely,
Nathan Gibbs
Systems Administrator
Christ Media
http://www.cmpublishers.com
_______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
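As an added illustration of the collision-versus-preimage distinction discussed in the thread (my own example, not code from the list or from ClamAV): SHA-256 is truncated to a small number of bits so that both searches finish in seconds, and the two searches show why a free-choice collision costs roughly the square root of the work of matching one fixed hash. The 18-bit size, the message naming scheme and the "known-clean-file" stand-in are assumptions for the demo.

```python
import hashlib
from itertools import count
from typing import Optional, Tuple


def truncated_hash(data: bytes, bits: int) -> int:
    """SHA-256 cut down to its top `bits` bits: a toy hash small enough to attack by brute force."""
    digest = hashlib.sha256(data).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def find_collision(bits: int, prefix: bytes = b"A-") -> Tuple[bytes, bytes, int]:
    """Birthday search: remember every hash seen until one repeats.
    Any colliding pair will do, so about 2**(bits/2) trials are expected."""
    seen = {}
    for i in count():
        msg = prefix + str(i).encode()
        h = truncated_hash(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg


def find_preimage(target: int, bits: int, limit: int,
                  prefix: bytes = b"B-") -> Tuple[Optional[bytes], int]:
    """Second-preimage search: hit one fixed hash value. About 2**bits trials are
    expected; returns (None, limit) if the trial budget runs out."""
    for i in range(limit):
        msg = prefix + str(i).encode()
        if truncated_hash(msg, bits) == target:
            return msg, i + 1
    return None, limit


def compare(bits: int = 18) -> dict:
    """Run both searches against the same toy hash and report the work each took."""
    original = b"known-clean-file"  # constructed stand-in for a file a hash cache treats as clean
    target = truncated_hash(original, bits)
    a, b, collision_trials = find_collision(bits)
    forged, preimage_trials = find_preimage(target, bits, limit=1 << (bits + 4))
    return {
        "bits": bits,
        "collision": (a, b),
        "collision_trials": collision_trials,
        "target": target,
        "preimage": forged,
        "preimage_trials": preimage_trials,
    }


if __name__ == "__main__":
    r = compare()
    print(f"{r['bits']}-bit hash: collision after {r['collision_trials']} trials, "
          f"second preimage after {r['preimage_trials']} trials")
```

Raise `bits` a few at a time and the preimage trial count grows by 2x per bit while the collision count grows by roughly 1.4x, which is the gap the "birthday paradox" pointer in the thread refers to.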