Virus.Org IT Security News and Information Portal. We offer the latest IT security news, updates, product reviews, books, and articles for all you IT security professionals out there. Enter and get the best IT security information on the Internet.

 
. Welcome to the Virus.Org Mailing List Archive  
.
.


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


MD5 To Be Considered Harmful Someday
.

  • To: [EMAIL PROTECTED]
  • Subject: MD5 To Be Considered Harmful Someday
  • From: "James A. Donald" <[EMAIL PROTECTED]>
  • Date: Tue, 07 Dec 2004 15:57:38 -0800
  • In-reply-to: <[EMAIL PROTECTED]>
  • Sender: [EMAIL PROTECTED]
.
 
    --
On 6 Dec 2004 at 16:14, Dan Kaminsky wrote:
> * Many popular P2P networks (and innumerable distributed 
> content databases) use MD5 hashes as both a reliable search 
> handle and a mechanism to ensure file integrity.  This makes 
> them blind to any signature embedded within MD5 collisions. 
> We can use this blindness to track MP3 audio data as it 
> propagates from a custom P2P node.

This seems pretty harmful right now, no need to wait for 
someday.

But even back when I implemented Crypto Kong, the orthodoxy was 
that one should use SHA1, even though it is slower than MD5, so 
it seems to me that MD5 was considered harmful back in 1997, 
though I did not know why at the time, and perhaps no one knew 
why.


    --digsig
         James A. Donald
     6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
     bEcutcm49V2l4gs02N+hlx0RuvlNCxolYqbHGLNY
     4kL6H698sHcon3pASMijUxPq4KE3Se5Mp7xNpDH7r



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
 
.
.
 
Copyright (c) Virus.Org 1997-2006.
All Trademarks Acknowledged.
Please view our Terms and Conditions and our Privacy Policy.