Unless I'm missing something, security of 2 and 3 is the same because everything is unknown. Some might falsely claim a length extension attack, but that doesn't help. Same for collisions.
Right, MD5 is still pre-image resistant, which is a big part of what makes HMAC_MD5 better than MD5. If I tweet MD5(file || salt), someone can craft a collision and claim that's the input. Not so with HMAC_MD5. Disclaimer: MD5 for illustration purposes only. Use SHA2!
OK so how would this work if MD5 is preimage resistant and a preimage is "given y, find x: H(x) = y": "If I tweet MD5(file || salt), someone can craft a collision and claim that's the input."
The same way that the Flame MD5 collision was generated.