How does Nginx look-up cached resource?
Gena Makhomed
gmm at csdoc.com
Fri Sep 4 21:20:06 UTC 2015
On 04.09.2015 22:43, Maxim Dounin wrote:
>>> For sure this is something that can be done. The question remains
>>> though: how often collisions are observed in practice, is it make
>>> sense to do anything additional to protect from collisions and
>>> spend resources on it? Even considering only md5, without the
>>> crc32 check, no practical cases were reported so far.
>>
>> What?
>> That SHOULD be done! Once is already too much!
>
> No one yet happened. And likely won't ever happen, as md5 is a
> good hash function 128 bits wide, and it took many years to find
> even a single collision of md5. And even if it'll happen, we have
> crc32 check in place to protect us.
"and it took many years to find even a single collision of md5"
This is not true:
The security of the MD5 hash function is severely compromised.
A collision attack exists that can find collisions within seconds
on a computer with a 2.6 GHz Pentium 4 processor (complexity of 2**24.1)
- https://en.wikipedia.org/wiki/MD5#Security
============================================
Vulnerability Note VU#836068:
Do not use the MD5 algorithm
Software developers, Certification Authorities, website owners, and
users should avoid using the MD5 algorithm in any capacity. As previous
research has demonstrated, it should be considered cryptographically
broken and unsuitable for further use.
- http://www.kb.cert.org/vuls/id/836068
============================================
For comparison:
Variable-length hash function SHAKE128 from SHA-3 standard,
for message M and output length 128 bit - SHAKE128(M, 128)
have high collision resistance, its security is 64 bits.
Also, using SHA-3 SHAKE128 instead of MD5 will be good
for marketing purposes and for nginx compliance with
any existing security standards and recommendations,
which forbid and not recommend any usage of MD5.
Theoretically, it is possible situation, what some of
potential customers of NGINX Plus can't use NGINX Plus
because NGINX Plus internally use MD5, which is broken.
============================================
Or:
[...] While MD5 is known to be fast, it is also known to be broken,
allowing a malicious user to craft colliding inputs. zbackup uses
SHA1 instead. The cost of SHA1 calculations on modern machines
is actually less than that of MD5 (run openssl speed md5 sha1
on yours), so it's a win-win situation. We only keep
the first 128 bits of the SHA1 output [...]
- http://zbackup.org/
============================================
--
Best regards,
Gena
More information about the nginx-devel
mailing list