lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 7 Dec 2004 18:46:20 -0700 (MST)
From: Joel Maslak <jmaslak@...elope.net>
To: Dan Kaminsky <dan@...para.com>
Cc: bugtraq@...urityfocus.com
Subject: Re: MD5 To Be Considered Harmful Someday


On Mon, 6 Dec 2004, Dan Kaminsky wrote:

> I've been doing some analysis on MD5 collision announced by Wang et al.
> Short version:  Yes, Virginia, there is no such thing as a safe hash
> collision -- at least in a function that's specified to be
> cryptographically secure.  The full details may be acquired at the
> following link:

The short-term fix seems to be something I've been recommending for a
while:

Compute hashes with both SHA-1 and MD5.

The chance of one algorithm becoming compromised in the mid-term is
relatively high IMHO (I was responsible for a PKI system which had to keep
integrity for 20 year periods of time - not an easy task considering what
we don't know about the future).  The chance of two becoming compromised
is relatively less.  The chance of a problem with MD5 and SHA-1 allowing
two different files to have collisions in both algorithms in *BOTH* is
very very small.

-- 
Joel

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ