Re: MD5 To Be Considered Harmful Someday
- To: "James A. Donald" <[EMAIL PROTECTED]>
- Subject: Re: MD5 To Be Considered Harmful Someday
- From: Eric Rescorla <[EMAIL PROTECTED]>
- Date: Tue, 07 Dec 2004 21:01:40 -0800
- Cc: [EMAIL PROTECTED]
- In-reply-to: <[EMAIL PROTECTED]> (James A. Donald's message of "Tue, 07 Dec 2004 15:57:38 -0800")
- References: <[EMAIL PROTECTED]>
- Reply-to: EKR <[EMAIL PROTECTED]>
- Sender: [EMAIL PROTECTED]
"James A. Donald" <[EMAIL PROTECTED]> writes:
> --
> On 6 Dec 2004 at 16:14, Dan Kaminsky wrote:
>> * Many popular P2P networks (and innumerable distributed
>> content databases) use MD5 hashes as both a reliable search
>> handle and a mechanism to ensure file integrity. This makes
>> them blind to any signature embedded within MD5 collisions.
>> We can use this blindness to track MP3 audio data as it
>> propagates from a custom P2P node.
>
> This seems pretty harmful right now, no need to wait for
> someday.
>
> But even back when I implemented Crypto Kong, the orthodoxy was
> that one should use SHA1, even though it is slower than MD5, so
> it seems to me that MD5 was considered harmful back in 1997,
> though I did not know why at the time, and perhaps no one knew
> why.
Dobbertin's collision in the MD5 compression function was published
in May of 1996.
-Ekr
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]