Message Digest 5, or MD5, was created by Ronald Rivest in 1991 to replace his previous version, MD4, which was deemed insecure after the results of cryptanalytic work by Bert den Boer and Antoon Bosselaers showed MD4 weaknesses. Interestingly enough, MD4 is the algorithm behind the computation of NT-hash password digests on Microsoft Windows NT, XP and Vista.

MD5 is a cryptographic hash function that takes an arbitrary block of data and returns a bit string of a fixed size commonly called the hash value or the message digest. Think of a hash like a digital fingerprint. MD5 produces a 128-bit message digest that is represented in 32-bit hexadecimal format. The basic operation of a hash function takes a message (input data) and encodes it using a series of rounds where algorithms modify the data to produce a hash value (bit string).

Recent MD5 flaws have been disclosed and as a result of these disclosures, US-CERT has stated that MD5 “should be considered cryptographically broken and unsuitable for further use”. As a result of these flaws, U.S. government applications will be required to move to the SHA-2 family of hash functions by 2010. Another interesting side note: the U.S. National Institute of Standards and Technology (NIST) held an open competition to find a new hash function capable of replacing SHA-2. This new hash function will be called SHA-3 and is expected to become a Federal Information Processing Standard (FIPS) sometime around 2012.

Read More | Comment

Setting up the Metasploit Framework to run on Debian is quite simple. The current stable version of the Metasploit Framework is version 3.2 and is written in the Ruby programming language. The previous version, 2.7, was implemented in Perl. The complete rewrite of the Framework with Ruby requires the following packages to be installed on your system prior to using Metasploit:

apt-get install ruby libruby rdoc
apt-get install libyaml-ruby
apt-get install libzlib-ruby
apt-get install libopenssl-ruby
apt-get install libdl-ruby
apt-get install libreadline-ruby
apt-get install libiconv-ruby
apt-get install rubygems

Read More | Comment

In my programming class this semester which deals with ADTs and algorithms we had to implement our own ADT to handle strings. Normally I will work on my programming assignments in the campus computer lab to avoid any possible issues involving different architectures, versions, libraries, etc. than what I may have at home. (Yes, I realize I could open a session at home on the campus lab systems but I like knowing that it’ll work without any questions later and the lab offers me more space to spread out my materials.) Anyways, I decided that it’s the start of the semester and that the first lab wouldn’t be too difficult and that I could probably complete it at home.

I did a little research involving IDEs and decided to give NetBeans a shot. After the packages had been installed I fired up NetBeans and took it for a spin. Deciding that I liked NetBeans, I began to code my ADT lab assignment and had no issues compiling, linking, or running my code. About an hour later I finished the lab assignment and uploaded the required lab files to my account on the campus lab systems.

The next day, in lab, however, I noticed that the lab had new computers from the previous semester. After logging in and playing around a bit I tried to compile the code I had written the previous night at home. Lo and behold, g++ spit out an error:

ld: fatal: file lab1.o: wrong ELF class: ELFCLASS64

Read More | Comment