I don't think tripellex was suggesting that Sony used an MD5 hash
I think he meant that as we now have access to encrypted and unencrypted versions of the same file, you could generate an MD5 hash of the unencrypted file, then repeatedly try and decrypt the encrypted file using random hashes, and then generate an MD5 hash on those attempted decryptions until it matches the MD5 hash you got from the original unencrypted file?
Exactly. Once the MD5 hashes sync up, we know the file's cracked. Doing this in a cloud format would greatly speed up the process.
Again, if I'm misinformed about encryption protocals here, please do correct me so I'm not just talking out of my a$$
TITLE: MD5 Algorithm Cracked Using Gaming Consoles
security researchers have successfully created a forged certificate authority, exploiting a so-called "colliding certificates" attack, clearly indicating that the certification authorities must advance their security related standards with immediate effect.
The researchers used 200 PS3 game consoles over eight days.
With a rainbow table you can crack an md5 in about 25 seconds - 4 minuets using the above method. MD5 is not that secure, as I found out last night, it only allows for quick easy compare method as you can tell whether the file was tampered with.
Well, what i've posted is for cloning certificates, by creating collisions so that you can have two different certificates with the same md5 integrity verification validated...
MD5 is just for checking the integrity of files (i.e.: if you change one single bit inside a file, the MD5 hash check will fail) - not to encrypt/decrypt...
I mean, you can theoretically have two hashes (one for the decrypted file and one for the encrypted file), which would be verified and accepted by your PS3 - this assuming that PS3 was/is/were using Md5 checks - but what would the PS3 do with the already decrypted file which has a valid MD5 check ? doesn't the PS3 needs to "decrypt" the already decrypted (and MD5 integrity checked) file so to execute it?
What you really need to know is what encryption/decryption method is being used by PS3..
You don't decrypt md5 you just use it to compare to an already known file/hash. So the ps3 would use the md5 to insure that the file is either complete or correct. It is in fact impossible to decrypt a md5 since it has multiple answers which is the reason collisons work. Its 2 answers to the same problem.
example of some Integrity check (Authentication) Algorithms:
MD5; SHA1; SHA-2; CRC; CRC32; etc
example of some Encryption algorithms:
RSA; DES; 3DES; Blowfish; RC4; etc
In my limited knowledge of cryptography and based on what i've always considered to be the way cryptography worked, idk how can you use MD5 has an encryption algo, since it was never designed to do so.