[prev in list] [next in list] [prev in thread] [next in thread]
List: freebsd-security
Subject: Re: MD5 Collisions...
From: Norberto Meijome <freebsd () meijome ! net>
Date: 2007-12-05 1:44:45
Message-ID: 20071205124445.792e8fd5 () meijome ! net
[Download RAW message or body]
On Tue, 04 Dec 2007 13:43:39 +0100
Iang <iang@iang.org> wrote:
> Perhaps, 1st two paras:
>
>
> ==============
> Md5 is a cryptographic message digest algorithm. It takes
> as input a message of arbitrary length and produces as
> output a 128-bit ``fingerprint'' or ``digest'' of the input.
> Such algorithms are intended for applications where a
> large file must be ``compressed'' in a secure manner,
> suitable as a digital signature or as an input to a
> public-key cryptosystem for digital signature or encryption
> purposes.
>
> MD5 is no longer recommended as a cryptographic message
> digest algorithm, although it functions very well as a big
> checksum. It is now feasible (2004) to produce two messages
> having the same MD5 message digest (``collision'' attack),
> and attacks of this nature are getting better and faster.
> It is still conjectured to be computationally infeasible
> (2007) to produce any message having a given prespecified
> target message digest (``preimage'' attack).
> ==============
>
>
>
> It's worth checking carefully ... discussing the minutiae of
> cryptographic algorithms is like angels dancing on a pin.
thanks Iang - looks good to me.
btw, i just checked man 3 md5 , and it may need updating - it refers to 1999..
"
MD5 has not yet (1999-02-11) been broken, but sufficient attacks
have been made that its security is in some doubt....
"
B
_________________________
{Beto|Norberto|Numard} Meijome
Commitment is active, not passive. Commitment is doing whatever you can to
bring about the desired result. Anything less is half-hearted.
I speak for myself, not my employer. Contents may be hot. Slippery when wet.
Reading disclaimers makes you go blind. Writing them is worse. You have been
Warned.
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic