Re: MD5 Collisions...



On Tue, 04 Dec 2007 13:43:39 +0100
Iang <iang@xxxxxxxx> wrote:

Perhaps, 1st two paras:


==============
Md5 is a cryptographic message digest algorithm. It takes
as input a message of arbitrary length and produces as
output a 128-bit ``fingerprint'' or ``digest'' of the input.
Such algorithms are intended for applications where a
large file must be ``compressed'' in a secure manner,
suitable as a digital signature or as an input to a
public-key cryptosystem for digital signature or encryption
purposes.

MD5 is no longer recommended as a cryptographic message
digest algorithm, although it functions very well as a big
checksum. It is now feasible (2004) to produce two messages
having the same MD5 message digest (``collision'' attack),
and attacks of this nature are getting better and faster.
It is still conjectured to be computationally infeasible
(2007) to produce any message having a given prespecified
target message digest (``preimage'' attack).
==============



It's worth checking carefully ... discussing the minutiae of
cryptographic algorithms is like angels dancing on a pin.

thanks Iang - looks good to me.

btw, I just checked man 3 md5, and it may need updating - it refers to 1999..
"
MD5 has not yet (1999-02-11) been broken, but sufficient attacks
have been made that its security is in some doubt....
"
B


_________________________
{Beto|Norberto|Numard} Meijome

Commitment is active, not passive. Commitment is doing whatever you can to
bring about the desired result. Anything less is half-hearted.

I speak for myself, not my employer. Contents may be hot. Slippery when wet.
Reading disclaimers makes you go blind. Writing them is worse. You have been
Warned.
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"
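To make the distinction in the proposed text concrete (collisions feasible, preimages still conjectured infeasible), here is an added example that is not from the thread or the FreeBSD man page. It runs a birthday collision search and a brute-force preimage search against a truncated MD5 so the roughly 2^(n/2) versus 2^n work factors can be observed; the truncation widths and seed strings are my own choices.

```python
import hashlib


def truncated_md5(data: bytes, nbits: int) -> int:
    """Return the leading nbits of MD5(data) as an integer.

    Truncation is only a teaching device: it shrinks the search space so both
    attacks finish in seconds and the cost ratio between them is visible.
    """
    digest = hashlib.md5(data).digest()
    return int.from_bytes(digest, "big") >> (128 - nbits)


def find_collision(nbits: int, seed: bytes = b"collision-seed"):
    """Birthday search: two distinct inputs with the same truncated digest.

    Expected cost is about 2 ** (nbits / 2) hash evaluations.
    Returns (msg_a, msg_b, hashes_computed).
    """
    seen = {}
    counter = 0
    while True:
        msg = seed + counter.to_bytes(8, "big")  # distinct for each counter
        counter += 1
        h = truncated_md5(msg, nbits)
        if h in seen:
            return seen[h], msg, counter
        seen[h] = msg


def find_preimage(target: int, nbits: int, seed: bytes = b"preimage-seed"):
    """Brute-force preimage: an input whose truncated digest equals target.

    Expected cost is about 2 ** nbits hash evaluations, the square of the
    collision cost, which is why preimage resistance outlives collision
    resistance as attacks improve. Returns (msg, hashes_computed).
    """
    counter = 0
    while True:
        msg = seed + counter.to_bytes(8, "big")
        counter += 1
        if truncated_md5(msg, nbits) == target:
            return msg, counter


if __name__ == "__main__":
    a, b, n = find_collision(32)              # roughly 2**16 hashes expected
    print(f"32-bit collision after {n} hashes: {a!r} vs {b!r}")
    target = truncated_md5(b"any fixed document", 20)
    m, n = find_preimage(target, 20)          # roughly 2**20 hashes expected
    print(f"20-bit preimage after {n} hashes: {m!r}")
```

Raising the preimage width by a few bits makes the asymmetry obvious: the collision search barely slows down while the preimage search becomes impractical in pure Python.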