MD5 still useful fo...
 
Notifications
Clear all

MD5 still useful for forensics?

18 Posts
10 Users
0 Likes
1,052 Views
 Eddi
(@eddi)
Posts: 9
Active Member
Topic starter
 

Apparently a group of Chinese mathematitions has found out, how to provoke collisions in an MD5 hashcode.

http://www.x-ways.net/md5collision.html shows two different files producing the same MD5 hashcode. The site also has a link to the publication with the underlying mathematics.

This obviously emphasizes the need to verify images, copy operations etc. with more than one hashcode.

/Eddi

 
Posted : 29/08/2004 6:52 pm
(@trbrophy)
Posts: 1
New Member
 

In the short term I think it's probably still applicable, but an alternative should be identified soon so that it can be used before the md5 hash is easily compromised.

 
Posted : 30/08/2004 4:15 pm
Jamie
(@jamie)
Posts: 1288
Moderator
 

Welcome, both, to Forensic Focus.

I must confess I haven't had time to read the full paper referenced above. As someone else said recently one aspect to keep in mind when considering collisions is a kind of "sense check" on the context the disputed file finds itself in (i.e. although it has the "correct" hash, do the contents make sense in the wider scope of the investigation?) That's not to say that easily manufactured collisions aren't an issue, just something extra to think about. The hashing process, and more specifically its place in the courtroom, is absolutely crucial in forensic investigations for both the defence and the prosecution. Any weakness in the established procedure could potentially harm the case of either side, depending on the nature of the investigation and the dispute.

Let's keep an eye out for any further developments and post 'em if we learn more.

Jamie

 
Posted : 01/09/2004 9:58 am
docjekill
(@docjekill)
Posts: 4
New Member
 

The X-Ways Forensics software allows easily settling for a different hash algorithm. The 160bit SHA-1 seems a pretty safe solution from our point of view and only takes little extra time to calculate. I personally would rather encourage the use of SHA-1 over MD5, simply because there are known vulnerabilities and also there are simple solutions available. This is basically the reason we published that collision on our website in the first place.

 
Posted : 03/09/2004 9:06 am
Jamie
(@jamie)
Posts: 1288
Moderator
 

docjekill,

Thanks for that extra info and welcome to Forensic Focus!

Kind regards,

Jamie

 
Posted : 03/09/2004 7:50 pm
(@neoit2000)
Posts: 2
New Member
 

thanks for the info mate

really useful

 
Posted : 08/09/2004 8:36 am
docjekill
(@docjekill)
Posts: 4
New Member
 

Thanks for the warm welcome! 🙂 Must mention of course, whatever I may post inside this forum are my (potentially professional, yet still MY) opinions ❗ , so these are not "X-Ways Software Technology says" statements. 🙂

 
Posted : 09/09/2004 10:18 am
Jamie
(@jamie)
Posts: 1288
Moderator
 

Understood, wouldn't have it any other way 😉

Jamie

 
Posted : 09/09/2004 11:37 am
docjekill
(@docjekill)
Posts: 4
New Member
 

Speaking of "potentially professional" - what is the average user profile here? I've seen a couple of posts that make me think the poster is not really part of the forensics field while others do have a certain matter-of-factness about them. How much do you know (or guess) about your users so far?

Regards,

Doc Jekill

 
Posted : 09/09/2004 11:59 am
Jamie
(@jamie)
Posts: 1288
Moderator
 

Impossible to tell for sure, but I think there's about a 50/50 mix of those working in the field and those just interested (or looking for their first position). That's about what I'd like it to be, I think.

The next step is adding useful content and getting things together for the newsletter…

Jamie

 
Posted : 09/09/2004 12:38 pm
Page 1 / 2
Share: