Virus.Org Mailing List Archive

Re: MD5 To Be Considered Harmful Someday

  • To: "James A. Donald" <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
  • Subject: Re: MD5 To Be Considered Harmful Someday
  • From: John Kelsey <[EMAIL PROTECTED]>
  • Date: Wed, 8 Dec 2004 09:24:41 -0500 (GMT-05:00)
  • Reply-to: John Kelsey <[EMAIL PROTECTED]>
  • Sender: [EMAIL PROTECTED]
>From: "James A. Donald" <[EMAIL PROTECTED]>
>Sent: Dec 7, 2004 6:57 PM
>To: [EMAIL PROTECTED]
>Subject: MD5 To Be Considered Harmful Someday

>But even back when I implemented Crypto Kong, the orthodoxy was 
>that one should use SHA1, even though it is slower than MD5, so 
>it seems to me that MD5 was considered harmful back in 1997, 
>though I did not know why at the time, and perhaps no one knew 
>why.

The pseudocollision on MD5 paper was published in 1994, and Dobbertin's full collisions for MD5's compression function were published in 1996, so there was plenty of reason by 1997 to want to move to a different hash function. People who stuck with MD5 for collision resistance after that were demonstrating seriously bad judgement, since the only argument left for MD5's security was "well, but nobody's published a way to exploit the attack on full messages yet."

>         James A. Donald

--John Kelsey

---------------------------------------------------------------------
The Cryptography Mailing List