Re: MD5 Collisions...

From: Colin Percival <cperciva@xxxxxxxxxxx>
Date: Mon, 03 Dec 2007 20:25:38 -0800

Norberto Meijome wrote:

should some kind of advisory be sent to advise people not to rely solely on MD5 checksums? Maybe an update to the man page is due ? :

"
MD5 has not yet (2001-09-03) been broken, but sufficient attacks have
been made that its security is in some doubt. The attacks on MD5 are in
the nature of finding ``collisions'' -- that is, multiple inputs which
hash to the same value; it is still unlikely for an attacker to be able
to determine the exact original input given a hash value.
"

I fail to see how the man page is incorrect here. What do you think it should
be saying instead?

Colin Percival
FreeBSD Security Officer

_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"

Follow-Ups:
- Re: MD5 Collisions...
  - From: Iang
- Re: MD5 Collisions...
  - From: Norberto Meijome

References:
- MD5 Collisions...
  - From: Norberto Meijome

Prev by Date: Re: MD5 Collisions...
Next by Date: Re: MD5 Collisions...
Previous by thread: Re: MD5 Collisions...
Next by thread: Re: MD5 Collisions...
Index(es):
- Date
- Thread

Relevant Pages

Re: MD5 for passwords
... how do attacks vary with the length of hashed string ... The password hash is NOT MD5, just as the old Unix crypt 3 is not des. ... MD5 password hashing system out there? ...
(sci.crypt)
MD5 To Be Considered Harmful Someday
... I've been doing some analysis on MD5 collision announced by Wang et al. ... Yes, Virginia, there is no such thing as a safe hash ... attacks described in the paper. ... payload, but the payload is encrypted with AES. ...
(sci.crypt)
MD5 To Be Considered Harmful Someday
... I've been doing some analysis on MD5 collision announced by Wang et al. ... Yes, Virginia, there is no such thing as a safe hash ... A tool, Stripwire, has been assembled to demonstrate some of the attacks ... payload, but the payload is encrypted with AES. ...
(Bugtraq)
Re: Insecure Hash Algorithms (MD5) and NTLMv2
... > exagerated by the media. ... I know some byte chains for MD5 have already being ... > slightly longer if the hash has more bits, ... Up to 75% of cyber attacks are launched on shopping carts, forms, ...
(Pen-Test)
RE: Craking Serv-u passwords stored in .ini file.
... I never said anything about MD5 being a weak algorithm, or anything about the relative security of Serv-u. ... And the hash obtained from these words will be directly compared to the hash in the .ini file minus the first 2 characters. ... This is not much stronger than not using salt at all. ...
(Pen-Test)