The MD5 collision in Problem 25 is said to be meaningless since the two messages appear to be random bits, that is, they do not carry any meaning. Currently, it is not possible to generate a meaningful collision using the MD5 collision attack. For this reason, it is sometimes claimed that MD5 collisions are not a significant security threat. The goal of this problem is convince you otherwise. Obtain the file MD5_collision.zip from the textbook website and unzip the folder to obtain the two Postscript files, rec2.ps and auth2.ps.
a. What message is displayed when you view rec2 .ps in a Postscript viewer? What message is displayed when you view auth2.ps in a Postscript viewer?
b. What is the MD5 hash of rec2.ps? What is the MD5 hash of auth2.ps? Why is this a security problem? Give a specific attack that Trudy can easily conduct in this particular case. Hint: Consider a digital signature.
c. Modify rec2. ps and auth2. ps so that they display different messages than they currently do, but they hash to the same value. What are the resulting hash values?
d. Since it is not possible to generate a meaningful MD5 collision, how is it possible for two (meaningful) messages to have the same
Already registered? Login
Not Account? Sign up
Enter your email address to reset your password
Back to Login? Click here