Perhaps Cisco and friends should take to periodically printing MD5 checksums in full page ads in the New York Times or similar? Maybe not impossible for an attacker to replicate, but it certainly does raise the bar :) On Tue, May 27, 2008 at 3:07 PM, <Valdis.Kletnieks@vt.edu> wrote:
On Tue, 27 May 2008 19:49:21 BST, michael.dillon@bt.com said:
Like MD5 File Validation? - "MD5 values are now made=20 available on Cisco.com for all Cisco IOS software images for=20 comparison against local system image values."
I would expect a real exploit to try to match Cisco's MD5 hashes.
Although there is a known attack against MD5 that will generate two plaintexts with the same (unpredictable) hash, there is as yet no known way significantly better than brute force to generate a file which hashes to a given hash. On the other hand, there have been multiple cases where vandals have replaced a file on a download site, and updated the webpage to reflect the new MD5 hash.
If you were an attacker, which would you go with:
1) The brute-force attack which will require hundreds of thousands of CPU-years.
2) The super-secret attack that causes a collision to a given hash that none of the crypto experts know about yet.
3) 'md5sum trojan_ios.bin' and cut-n-paste that into the web page.
By all means, check those hashes after you download them but I would suggest calculating a hash using an alternate algorithm for later checking.
You missed the point - if the *FILE* you downloaded from a webpage is suspect, why do you trust the MD5sum that *the same webpage* says is correct?