Is the file known?
Replying to @Sc00bzT @CryptoBits_eu
No, that's sorta the whole point of tweeting hashes :) You keep the input secret, but later on you want to be able to show you had it all along.
Replying to @colmmacc @CryptoBits_eu
So how can you collide against "MD5( + salt)." if you don't know … wait that's still preimage. You mean you can find "MD5( + salt) = MD5( ' + salt)" because you can do that with HMAC.
HMAC is: prefix0 = padToBlock(key) ^ 0x36363636… prefix1 = padToBlock(key) ^ 0x5c5c5c5c… inner = H(prefix0 || message) output = H(prefix1 || inner) Pick any key, it doesn't matter. Now collide "H(prefix0 || message) = H(prefix0 || message')" and now you have an HMAC collision.
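Added example, not code from anyone in the thread: the HMAC breakdown from the tweet above written out and checked against Python's `hmac` module, plus a constructed 16-bit stand-in hash (`weak_hash`, a toy; it says nothing about the real cost of MD5 collisions) to show that when the key is public, a collision in the inner hash carries straight through to an HMAC collision. The salt and candidate messages are constructed values.

```python
import hashlib
import hmac

BLOCK = 64  # MD5 block size in bytes

def prefixes(key: bytes, digest=hashlib.md5) -> tuple[bytes, bytes]:
    """prefix0 / prefix1 from the tweet: pad key to a block, XOR with 0x36 / 0x5c."""
    if len(key) > BLOCK:  # HMAC hashes over-long keys first
        key = digest(key).digest()
    padded = key.ljust(BLOCK, b"\x00")
    return bytes(b ^ 0x36 for b in padded), bytes(b ^ 0x5C for b in padded)

def hmac_md5_by_hand(key: bytes, message: bytes) -> bytes:
    """inner = H(prefix0 || message); output = H(prefix1 || inner)."""
    prefix0, prefix1 = prefixes(key)
    inner = hashlib.md5(prefix0 + message).digest()
    return hashlib.md5(prefix1 + inner).digest()

def matches_stdlib(key: bytes, message: bytes) -> bool:
    """Sanity check: the hand-rolled construction equals hmac.new(..., 'md5')."""
    return hmac_md5_by_hand(key, message) == hmac.new(key, message, "md5").digest()

def weak_hash(data: bytes) -> bytes:
    """Constructed stand-in for a collision-prone hash: MD5 truncated to 16 bits.
    Only the structure matters here; real MD5 collisions take far more work."""
    return hashlib.md5(data).digest()[:2]

def weak_hmac(key: bytes, message: bytes) -> bytes:
    """Same two-prefix HMAC structure as above, built on weak_hash instead of MD5."""
    prefix0, prefix1 = prefixes(key)
    return weak_hash(prefix1 + weak_hash(prefix0 + message))

def find_inner_collision(key: bytes) -> tuple[bytes, bytes]:
    """Birthday search for m != m' with weak_hash(prefix0 || m) == weak_hash(prefix0 || m').
    The key is public (a tweeted salt), so prefix0 is known to everyone."""
    prefix0, _ = prefixes(key)
    seen: dict[bytes, bytes] = {}
    for i in range(1 << 20):
        m = b"receipt-%d" % i  # constructed candidate inputs
        h = weak_hash(prefix0 + m)
        if h in seen and seen[h] != m:
            return seen[h], m
        seen[h] = m
    raise RuntimeError("no collision within search budget")

if __name__ == "__main__":
    salt = b"tweeted-salt"  # constructed public key/salt
    m1, m2 = find_inner_collision(salt)
    print(m1, m2, weak_hmac(salt, m1) == weak_hmac(salt, m2))  # True: inner collision propagates
```

The outer hash never sees the two distinct messages, only the identical inner digest, which is why the key being public leaves the commitment exactly as collision-resistant as the underlying hash and nothing more.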
Replying to @Sc00bzT @CryptoBits_eu
The answer is right there in your breakdown. The tweet contains output, nothing more. 1st: How do you get from the output to inner? 2nd: let's say you somehow got inner, how do you collide both hashes that have related prefixes? And the output hash is *severely* constrained.
Replying to @colmmacc @CryptoBits_eu
You're describing a preimage; you also can't do that with MD5.
Replying to @Sc00bzT @CryptoBits_eu
Right, MD5 is still pre-image resistant, which is a big part of what makes HMAC_MD5 better than MD5. If I tweet MD5(file || salt), someone can craft a collision and claim that's the input. Not so with HMAC_MD5. Disclaimer: MD5 for illustration purposes only. Use SHA2!
Replying to @colmmacc @CryptoBits_eu
OK so how would this work if MD5 is preimage resistant and a preimage is "given y, find x: H(x) = y": "If I tweet MD5(file || salt), someone can craft a collision and claim that's the input."
Replying to @Sc00bzT @CryptoBits_eu
The same way that the Flame MD5 collision was generated.
Replying to @colmmacc @CryptoBits_eu
That was creating two messages that have the same hash: H(x) = H(y). Not given a hash and finding a message that matches it: H(x) = y.
Yes, finding two messages with the same hash is what allows someone to claim that they have the input. You should sleep on this, or let it sit with you.