MD5 and its use in Internet Key Exchange



Hi All,

Considering Sotirov, Stevens, Appelbaum, Lenstra, Molnar, Arne Osvik,
and de Weger's recent attack on MD5 [1], what can be expected from RFCs
such as 4109 (Algorithms for Internet Key Exchange Version 1) [2]? MD5
is a required 'Old Algorithm Requirement' (from Section 2):

MD5 and SHA-1 for hashing and HMAC functions MUST be supported

Jeff

[1] http://www.win.tue.nl/hashclash/rogue-ca/
[2] http://www.ietf.org/rfc/rfc4109.txt