Re: md5 collisions and speeding tickets

From: Mxsmanic (mxsmanic_at_gmail.com)
Date: 08/19/05

• Next message: Bryan Olson: "Re: md5 collisions and speeding tickets"
• Previous message: Bryan Olson: "Re: md5 collisions and speeding tickets"
• In reply to: Bryan Olson: "Re: md5 collisions and speeding tickets"
• Next in thread: Unruh: "Re: md5 collisions and speeding tickets"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 19 Aug 2005 09:33:39 +0200

Bryan Olson writes:

> MD5 is broken. It
> does *not* have the security properties it was conjectured to
> have.

These two statements are not synonymous. An algorithm is broken if it
is unsuitable for the application in which it is used. In contrast,
it may not meet the original specification for the algorithm, but it
may still work in a specific application, in which case it is not
broken (for that application).

> Secure hash functions, like any crypto
> primitive, must have *all* of their important security
> properties in order to qualify as 'secure'.

No, not in the real world. You only need functions that achieve the
objectives set for them in the application(s) in which they are used.
If they lack characteristics upon which an application does not
depend, that doesn't matter.

> We can show that MD5 failed in its stated objectives and does
> not have the properties required of a secure hash function.

But we cannot show that it is allowing real-world fraud to occur, or
at least nobody has provided an example of a successful exploit.

> Furthermore, among serious cryptologists, there is now broad
> agreement that MD5 is broken.

Serious cryptologists deal with cryptography, which has little to do
with real-world information processing. The average IT infrastructure
or application has so many security holes in it that nobody in his
right mind would try to attack it through a slight weakness in a
message-digest algorithm. There are just too many other, easier ways
to compromise it.

--
Transpose mxsmanic and gmail to reach me by e-mail.

• Next message: Bryan Olson: "Re: md5 collisions and speeding tickets"
• Previous message: Bryan Olson: "Re: md5 collisions and speeding tickets"
• In reply to: Bryan Olson: "Re: md5 collisions and speeding tickets"
• Next in thread: Unruh: "Re: md5 collisions and speeding tickets"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Meganet on Cryptogram again ... > It is only necessary to break the algorithm. ... >> bother to cryptanalyse it. ... If nobody can be bothered to ... > break it, then it is effectively secure, no matter what it's theoretical ... (sci.crypt) Re: Meganet on Cryptogram again ... > It is only necessary to break the algorithm. ... >> bother to cryptanalyse it. ... If nobody can be bothered to ... > break it, then it is effectively secure, no matter what it's theoretical ... (sci.crypt) Re: Meganet on Cryptogram again ... It is only necessary to break the algorithm. ... > bother to cryptanalyse it. ... If nobody can be bothered to ... break it, then it is effectively secure, no matter what it's theoretical ... (sci.crypt) Re: Evaluation of MegaSnakeOil by "expert" ... >> unknown to the public. ... Consequently nobody in the ... > it's not such a bad algorithm after all. ... to treat it as a trade secret? ... (sci.crypt) Re: New algorithm for short signatures ... secure hash function with n bit output, ... >Algorithm for signature generation: ... This algorithm is doing something strange and potentially nonsensical: ... (sci.crypt)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint