Re: Report of collision-generation with MD5
From: Claudiu (dr.clau_at_rdslink.ro)
Date: 08/18/04
- Previous message: Peter C. Lai: "Re: Report of collision-generation with MD5"
- In reply to: Peter C. Lai: "Re: Report of collision-generation with MD5"
- Next in thread: Peter C. Lai: "Re: Report of collision-generation with MD5"
- Reply: Peter C. Lai: "Re: Report of collision-generation with MD5"
- Reply: Borja Marcos: "Re: Report of collision-generation with MD5"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 18 Aug 2004 21:08:12 +0300 To: "Peter C. Lai" <sirmoo@cowbert.net>, freebsd-security@freebsd.org
hello,
please explain what do you mean by "reverse the hash". Is this the
recreation of the originial message from its hash ?
With respect,
Peter C. Lai wrote:
> Well while collisions are cryptographically significant, they don't
> necessarily impact any operational security of the the hash. (Since the
> collision merely means that there are possibly two inputs which will hash to
> the same digest). Where this could theoretically mean that someone could
> alter a signed message, we have to look at the chance that what was intended
> to be altered will satisfy the conditions for the collision. The only 'real'
> worry about this issue is that if MD5 is already cryptographically challenged
> in this manner, it may be more possible to find a way to reverse the hash.
>
> You can read the discussion here:
> http://www.rtfm.com/movabletype/archives/2004_08.html#001053
> http://www.rtfm.com/movabletype/archives/2004_03.html#000820
>
> On Wed, Aug 18, 2004 at 10:24:27AM -0700, David Wolfskill wrote:
>
>>Just got a pointer to this via ACM "TechNews Alert" for today:
>>
>>http://www.acm.org/technews/articles/2004-6/0818w.html#item2
>>
>>Seems that "... French computer scientist Antoine Joux reported on
>>Aug. 12 his discovery of a flaw in the MD5 algorithm, which is often
>>used with digital signatures...."
>>
>>There's more in the article cited above.
>>
>>Peace,
>>david
>>--
>>David H. Wolfskill david@catwhisker.org
>>Evidence of curmudgeonliness: becoming irritated with the usage of the
>>word "speed" in contexts referring to quantification of network
>>performance, as opposed to "bandwidth" or "latency."
>>_______________________________________________
>>freebsd-security@freebsd.org mailing list
>>http://lists.freebsd.org/mailman/listinfo/freebsd-security
>>To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
>
>
-- Claudiu Dragalina-Paraipan e-mail: dr.clau@rdslink.ro _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
- Previous message: Peter C. Lai: "Re: Report of collision-generation with MD5"
- In reply to: Peter C. Lai: "Re: Report of collision-generation with MD5"
- Next in thread: Peter C. Lai: "Re: Report of collision-generation with MD5"
- Reply: Peter C. Lai: "Re: Report of collision-generation with MD5"
- Reply: Borja Marcos: "Re: Report of collision-generation with MD5"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
