FROM : Alastair Houghton
DATE : Wed Apr 02 18:50:22 2008
On 2 Apr 2008, at 17:19, John Stiles wrote:
> I take it all back; in 2007 there was an MD5 attack discovered which
> actually allows for completely different binaries that sign the
> same. Check Wikipedia for the details, but basically MD5 is totally
> broken now. Wow, times change!!
Actually I don't think you should take it back; it looks to me like
the problem that has been solved (that of finding two files with the
same prefix that have the same MD5 sum) is not a useful exploit in
most cases.
In order for it to be a real vulnerability, you would need an
algorithm that, as you say, allows someone to take an arbitrary file
and add some bytes that are determined by the algorithm in order to
match a given hash. I don't believe, from what I've read, that that
particular problem has been solved.
The vulnerability that we have currently would only allow the original
creator of a file to generate another file with the same checksum, and
only under certain preconditions, so I contend that, as you originally
stated, MD5 is not fully broken (and not even usefully broken in many
respects).
Kind regards,
Alastair.
--
http://alastairs-place.net
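The distinction drawn above, between producing two files that collide and matching the hash of a file someone else already published, can be made concrete with an added example that is not part of this thread. It runs both searches against MD5 truncated to 20 bits (an assumption made so the brute force finishes in seconds; real MD5 is 128 bits) and reports how many attempts each one takes.

```python
import hashlib


def trunc_md5(data: bytes, bits: int) -> int:
    """First `bits` bits of MD5(data) as an integer (toy target, not real MD5)."""
    digest = hashlib.md5(data).digest()
    return int.from_bytes(digest, "big") >> (128 - bits)


def find_collision(bits: int, max_tries: int = 1 << 20):
    """Collision: attacker picks *both* files; any agreeing pair will do.
    Birthday bound, so roughly 2**(bits/2) attempts."""
    seen = {}
    for i in range(max_tries):
        msg = b"file-" + i.to_bytes(4, "big")  # constructed candidate
        h = trunc_md5(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg
    raise RuntimeError("no collision within max_tries")


def find_second_preimage(target: bytes, bits: int, max_tries: int = 1 << 23):
    """Second preimage: the target is fixed by someone else; attacker needs a
    different input with the same hash. Roughly 2**bits attempts."""
    want = trunc_md5(target, bits)
    for i in range(max_tries):
        msg = b"forged-" + i.to_bytes(4, "big")  # constructed candidate
        if msg != target and trunc_md5(msg, bits) == want:
            return msg, i + 1
    raise RuntimeError("no second preimage within max_tries")


def compare_effort(bits: int = 20):
    """Return (collision_tries, second_preimage_tries) at the same truncation."""
    a, b, col_tries = find_collision(bits)
    target = b"legitimate installer v1.0"  # constructed stand-in for a published file
    forged, pre_tries = find_second_preimage(target, bits)
    assert a != b and trunc_md5(a, bits) == trunc_md5(b, bits)
    assert forged != target and trunc_md5(forged, bits) == trunc_md5(target, bits)
    return col_tries, pre_tries


if __name__ == "__main__":
    c, p = compare_effort(20)
    print(f"20-bit truncated MD5: collision after {c} tries, "
          f"second preimage after {p} tries")
```

The gap between the two counts is the gap between what the 2007-era attacks achieve and what would be needed to forge a match for an arbitrary existing file.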
Cocoa mail archive