how reliable are md5 scanners?

hello..i recently read that there are malware that can sneak in you files without changing the md5 checksum of them..or in case someone sends you a file and its packed with such a malware the md5 sum might match and despite that,the file to be infected...anyone can shed some light on this?if so,there is no point for me to keep using such scanners..

 

Flaws have been found in the MD5 algorithm, but I'm not sure how common it is in the "real world".

If you want a stronger hash algorithm you can replace md5 with e.g. SHA-256 or SHA-512.

 

Hi

What's SHA-256 and SHA-512?

Thanks

 

They're both hashes created for the same purpose as MD5. (from Wikipedia)

 

i see...so are you aware if those flaws are/could be exploited by malware ?

 

What virus are you talking about and how do you mean sneak in and not change md5?

 

as in infecting a legitimate file and use it to start processes,connections e.t.c..im just asking if that is possible..i read somewhere for example that firewalls that use md5 can be fooled like that...might not be very clear,so please feel free to reply in w/e you understood.

 

If a file is changed, the md5 will change. This is because it is a 1 way function. This means that you can hash the file down to a md5 but you can never get a file from a md5. If a virus changes a file, it has no way to make sure the md5 of the changed file remains the same.

Malware may do other things to try in connect out but this is in the realm of leaktesting with proof of concept malware that almost never exist in the wild.

 

A weak hash algorithm with many collisions can potentially be fooled in this way, so that a cracker can replace a file with a modified one with the same MD5 checksum. As you probably know, there are an infinite number of potential files that has the exact same MD5

But I am not aware of malware that does anything like this, and I think it would be difficult and very computationally expensive compared to using other techniques.

The only reason I mentioned SHA-256 / SHA-512 is because those are newer and more secure hash algorithms. There are no known flaws in them, unlike MD5

 

Yes but unlikely. I think you have to have a very good understanding of crypto to do it.

 

Not that bad. It is impossible with any given file, it is only possible in case a file has a special 8-bytes-length sequence. Then it is possible to swap the two bytes (not any two bytes, but only one pair) and md5 will be the same.