RE: [ANN] MD5 1.0.2 Released (OT)

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: RE: [ANN] MD5 1.0.2 Released (OT)
From: Richter, Jörg <Joerg.Richter@...>
Date: Wed, 9 May 2007 13:37:04 +0200

MD5 is not as bad as this may sound. 

For an overview of what exactly is vulnerable and what not see here:
http://www.cryptography.com/cnews/hash.html

   Joerg

>For those who have not kept track of developments in 
>cryptography lately:
>
>The MD5 and SHA1 algorithms are both vulnerable to collision 
>attacks faster than brute force, in the case of MD5 the attack 
>only takes hours on a desktop machine. A collision attack is 
>an attack that finds strings a, b where a ~= b but hash(a) == hash(b). 
>
>This may or may not be a problem depending on what you use 
>these algorithms for, and how you use them. If you are 
>digitally signing strings provided by others it is a problem, 
>because your signature matches more than one string.

Follow-Ups:
- Re: [ANN] MD5 1.0.2 Released (OT), Philippe Lhoste
- Re: [ANN] MD5 1.0.2 Released (OT), Gé Weijers

References:
- [ANN] MD5 1.0.2 Released, Andre Carregal
- Re: [ANN] MD5 1.0.2 Released, Gé Weijers

Prev by Date: Re: [ANN] MD5 1.0.2 Released
Next by Date: Re: [ANN] MD5 1.0.2 Released
Previous by thread: Re: [ANN] MD5 1.0.2 Released
Next by thread: Re: [ANN] MD5 1.0.2 Released (OT)
Index(es):
- Date
- Thread