by denton-scratch 902 days ago
> only broken for encryption

It's broken in an adversarial situation: given the hash of evidence-file A, it's possible to construct a file B that gives the same hash.

But it would be a different matter entirely to construct a file B that actually looked like a file of evidence relevant to the case. I don't know how lawyers use these hashes, but unless they're being used to detect malicious tampering, I don't see what's wrong with MD5. And since the files to be hashed are evidence, they're in the custody of a court; things have got quite bad if court officials might be tampering with evidence.


> It's broken in an adversarial situation: given the hash of evidence-file A, it's possible to construct a file B that gives the same hash.

No, that's a second preimage attack. MD5 is safe against preimage & second preimage attacks.

What MD5 is not safe against is a collision attack: you can create two messages/files with different content that end up having the same hash.

Yeah, sorry. TFA made that clear.

So to exploit the vulnerability, you have to be able to manipulate file A, the original piece of evidence, to construct a file B that has a matching hash. I still fail to see how this impacts files submitted to a court in evidence.
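The collision versus second-preimage distinction drawn in this thread, as an added example that is not part of any comment above: it brute-forces both problems against MD5 truncated to 16 bits (a toy size chosen for the demo) and counts hash calls. It shows only the generic search costs, roughly 2^(n/2) against 2^n for an n-bit digest; the function names and sample inputs are constructed for illustration.

```python
import hashlib
from itertools import count

BITS = 16  # toy digest size (assumption for the demo); real MD5 is 128 bits

def toy_md5(data: bytes, bits: int = BITS) -> int:
    """Top `bits` bits of MD5: a stand-in small enough to brute-force."""
    return int.from_bytes(hashlib.md5(data).digest(), "big") >> (128 - bits)

def find_collision(prefix: bytes, bits: int = BITS):
    """Searcher chooses BOTH messages: any two inputs with equal digests."""
    seen = {}
    for tries in count(1):
        msg = prefix + str(tries).encode()
        h = toy_md5(msg, bits)
        if h in seen:
            return seen[h], msg, tries
        seen[h] = msg

def find_second_preimage(fixed: bytes, prefix: bytes, bits: int = BITS):
    """File A is fixed by someone else: find B != A with the same digest."""
    target = toy_md5(fixed, bits)
    for tries in count(1):
        msg = prefix + str(tries).encode()
        if msg != fixed and toy_md5(msg, bits) == target:
            return msg, tries

def compare(trials: int = 8, bits: int = BITS):
    """Average hash calls per problem over several constructed inputs."""
    coll = pre = 0
    for t in range(trials):
        prefix = f"trial-{t}-".encode()
        coll += find_collision(prefix, bits)[2]
        fixed = f"evidence-file-{t}".encode()  # constructed sample "file A"
        pre += find_second_preimage(fixed, prefix, bits)[1]
    return coll / trials, pre / trials

if __name__ == "__main__":
    c, p = compare()
    print(f"{BITS}-bit toy digest: collision ~{c:.0f} hashes, "
          f"second preimage ~{p:.0f} hashes")
```

Each extra digest bit doubles the second-preimage search but multiplies the collision search by only about 1.4, which is why the two properties fail at very different points as a hash weakens.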