RE: Report of collision-generation with MD5

From: George F. Costanzo (afx_at_pkl.net)
Date: 08/20/04

    To: "'David Wolfskill'" <david@catwhisker.org>
    Date: Fri, 20 Aug 2004 09:11:25 +1000
    
    

    The reporter got mixed up. Antoine Joux published a SHA-0 collision, while
    the Chinese researchers Xiaoyun Wang and co. put out the paper on
    collisions in MD5, MD4, HAVAL, and full RIPEMD. A copy can be found here:

    http://eprint.iacr.org/2004/199.pdf

    This is the second version, after they used the wrong IVs initially. They
    plan to release a more detailed version in the near future. I wouldn't just
    wave off the attack; they seem to be able to find collisions fairly
    quickly. For more info see recent posts on:

    http://www.mail-archive.com/cryptography%40metzdowd.com/

    --
    George F. Costanzo <afx@pkl.net>
    PGP Fingerprint: 1E4F 09F2 D637 B917 8D61  0413 4FBC 7DB0 1407 2B6D 
    > -----Original Message-----
    > From: owner-freebsd-security@freebsd.org [mailto:owner-freebsd-
    > security@freebsd.org] On Behalf Of David Wolfskill
    > Sent: Thursday, August 19, 2004 3:24 AM
    > To: freebsd-security@freebsd.org
    > Subject: Report of collision-generation with MD5
    > 
    > Just got a pointer to this via ACM "TechNews Alert" for today:
    > 
    > http://www.acm.org/technews/articles/2004-6/0818w.html#item2
    > 
    > Seems that "... French computer scientist Antoine Joux reported on
    > Aug. 12 his discovery of a flaw in the MD5 algorithm, which is often
    > used with digital signatures...."
    > 
    > There's more in the article cited above.
    > 
    > Peace,
    > david
    > --
    > David H. Wolfskill				david@catwhisker.org
    > Evidence of curmudgeonliness:  becoming irritated with the usage of the
    > word "speed" in contexts referring to quantification of network
    > performance, as opposed to "bandwidth" or "latency."
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
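As an added illustration of what the thread is about, and not part of the original mail: the script below checks the example MD5 collision pair that Wang et al. published in the eprint paper linked above (the two 128-byte blocks are transcribed from memory, so the code verifies the collision rather than assuming it), shows the same pair does not collide under SHA-256, and shows that appending a common trailer to both keeps them colliding, which is why an MD5 checksum on a file or signed document no longer proves the file is the one that was checked.

```python
import hashlib

# Constructed sample input: the two-block collision pair from Wang et al.,
# eprint 2004/199, transcribed from memory. They differ in exactly six bytes.
M0 = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70"
)
M1 = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70"
)


def differing_offsets(a: bytes, b: bytes) -> list:
    """Byte positions at which the two messages differ."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


def collides(a: bytes, b: bytes, algo: str) -> bool:
    """True only if a and b are distinct messages with the same digest under algo."""
    return a != b and hashlib.new(algo, a).digest() == hashlib.new(algo, b).digest()


def check_pair(a: bytes, b: bytes) -> dict:
    """Summarise the pair: does it collide under MD5, under SHA-256, and where does it differ."""
    return {
        "md5_collides": collides(a, b, "md5"),
        "sha256_collides": collides(a, b, "sha256"),
        "diff_offsets": differing_offsets(a, b),
    }


def suffix_collides(a: bytes, b: bytes, suffix: bytes) -> bool:
    """MD5 is a Merkle-Damgard construction, so once two full-block prefixes reach the
    same internal state, any identical suffix appended to both still collides."""
    return collides(a + suffix, b + suffix, "md5")


if __name__ == "__main__":
    print(check_pair(M0, M1))
    print(suffix_collides(M0, M1, b"same trailer on both"))
```

The differing offsets (19, 45, 59, 83, 109, 123) are the high byte of message words 4 and 14 and the second byte of word 11 in each block, matching the published differential.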
    
