security - Is it possible to create a forged file which has the same checksums using two different algorithms? -

-

I was slightly inspired by this blog entry (German)

The current assumption is that MD5 and Both Sha1 have broken down easily and not fast, but for at least one practical possibility, for MD5 in the range. (I'm not exactly cryptologist, so maybe I'm wrong as stuff).

So I asked myself if it would be possible to create a file, same size , as the original file A same MD5 amount , And same amount 1 amount

First of all, will it be possible?

Second, is it possible with the current hardware / software in reality?

If not, the easiest way to assure honesty is not to have one file always used to use two different algorithms, even if they have some kind of weakness?

Renew :

Just to clarify: This idea is a file A and a file that meets the requirements:

< Previous> Size (A) == Size (A ') && md5sum (A) == MD5 SUM (A') && SHA1sum (A) == Sha1sum (A ')

"Would this be possible?" - Yes, if the total size of the checksum is smaller than the total size of the file, then it is impossible to avoid collision.

"Is the reality possible with existing hardware / software?" If it is possible to create a text to match the checksum given for the use of each checksum, then yes.

See, that's a useful word for Google.

From that page:

"However, for Merkle-Damaged Hash Functions, the concerted function is strong, not only strong as the strongest component. That 2-collision: If possible to find two messages with the same MD5 hash, then it is not very effective as many messages are received, as the attacker wants with the same MD5 hash. The same MD5 hash Along with N messages should be a collision in SHA-1 SHA-1 And (require additional work polynomial to find beyond the pursuit of exponential birthday). This argument is summarized by Finni. "


Comments

Post a Comment

Popular posts from this blog

c# - ListView onScroll event -

-
I am programming a simple C # application, and I need a Scallow event on the list view. So I inherited the original ListView class created in ListviewEx witch. I found out how to locate the scroll message from WinAPI and I modified the WndProc method. Now I have this WndProc: protected override zero WndProc (Ref message message) {base.WndProc (Ref I); If (m.msg == WM_VSCROLL) {onScroll (This, New EventArgs ()); }} But the problem is, I do not know how to know about scrolling information. This data should be in wParam, but there is a LOWORD macro ++ like in C in C # and I switch to find the criteria like SB_ below, SB_ENDSCROLL, SB_PAGEUP etc. there any way Need to change the LOWORD macro from C #? Or any other way to find the necessary parameters about scrolling? You can define the WParam constants as the following: Private const int WM_HSCROLL = 0x114; Private Constant WM_VSCROLL = 0x115; Private contact int SBHOZZ = 0; Private Consultant SB_VERT = 1; Private Con...
Read more

PHP - get image from byte array -

-
I am trying to create a back-end for my mobile application. I am sending the content of an image in the body of the HTTP request (output stream) as a byte array, I want to read this stream of bytes in PHP scripts and take back an image. Can anyone tell me how can I do this? Thank you. You can obtain the request body $ body = Reading from file_get_contents ('php: // input'); What you do with that data Depending on you, you can write the data in a file as you mentioned that this is image data, you can drop the data into the object can do. Another option is to use and load the image.
Read more

Linux Terminal Problem with Non-Canonical Terminal I/O app -

-
I have a small app written in C to run on Linux. Part of the app accepts user-input from keyboard , And it uses non-canonical terminal mode so that it can respond to each keystroke. The section of the code that accepts input is a simple task that is called repeatedly in the loop: char get_input () {char C = 0; Int res = reading (input_tamille, & amp; c, 1); If (RSS == 0) 0 returns; If (res == -1) {/ * snip error handling * /} return c; } It reads a letter from the terminal if there is no input within a given time limit, (c_cc [VTIME] value in the vocabulary structure), read () 0 And get_input () is called again It all works very well, I have recently discovered that if you run this app in a terminal window, and then the app Close the terminal window without ending, the app will not exit Received, but CPU intensive launches into an infinite loop, where the read () returns 0 without waiting continued. So how can I get out of the apple if it runs from the terminal win...
Read more