Hi
I was wondering why you think it's safe to use an MD5 hash instead of, for example, SHA-2. From what I heard, MD5 is very susceptible to collision attacks.
Hello!
While collision attacks are possible with MD5s (and other "unique" checksums), it does require much effort. A hacker using this method to try and compromise our system would be faced with a few challenges.
- What they include in the file will be extremely limited. To fit malicious code into a file whilst maintaining the signature is some feat. It would not be feasible to create whole strains of malware using a method such as this.
- MD5 is just one way that we use to identify files. Webroot's unique intelligence network (which allows for our superfast cloud-based detection) has many other metrics, functions, rules etc. This flexibility helps us catch new strains of infections immediately even if an infection has been modified in many ways.
- As well as having a flexible central intelligence network our system also involves detection and remediation on the client side, even if a machine is offline.
- MD5 collision attacks are only scalable for certain file sizes, and for the typical malware filesize, intelligent compromise would be practically impossible.
Please don't hesitate to reply with any further queries.
Thanks!
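The point in the answer above that MD5 is only one of several identifiers, sketched as an added example (not Webroot's code and not part of the original posts): a lookup keyed on a weak digest is confirmed against SHA-256 and file size before a file is treated as known. The names `weak_id`, `classify` and `build_index` are hypothetical, and MD5 is truncated to 16 bits purely as a stand-in so that a colliding sample can be constructed instantly.

```python
import hashlib
import itertools


def weak_id(data: bytes) -> str:
    # Assumption: MD5 truncated to 16 bits stands in for a collision-prone
    # identifier, so a colliding sample can be built in a few thousand tries.
    return hashlib.md5(data).hexdigest()[:4]


def fingerprint(data: bytes) -> dict:
    # Several independent metrics recorded for one file.
    return {
        "weak": weak_id(data),
        "sha256": hashlib.sha256(data).hexdigest(),
        "size": len(data),
    }


def build_index(files) -> dict:
    # Known-file table keyed on the weak identifier (hypothetical layout).
    return {fp["weak"]: fp for fp in map(fingerprint, files)}


def find_colliding_input(target: bytes) -> bytes:
    # Constructed sample: different content, same weak identifier.
    want = weak_id(target)
    for i in itertools.count():
        cand = b"constructed-sample-%d" % i
        if cand != target and weak_id(cand) == want:
            return cand


def classify(data: bytes, index: dict) -> str:
    fp = fingerprint(data)
    rec = index.get(fp["weak"])
    if rec is None:
        return "unknown"
    # The weak identifier matched; require the stronger metrics to agree too.
    if rec["sha256"] == fp["sha256"] and rec["size"] == fp["size"]:
        return "known"
    return "weak-id-collision"


if __name__ == "__main__":
    original = b"known-good file contents (constructed)"
    index = build_index([original])
    lookalike = find_colliding_input(original)
    print(classify(original, index), classify(lookalike, index))
```
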
Thanks a lot for the answer. Sounds convincing enough for me :)