[Date Prev][Date Next][Thread Prev][Thread Next]
- Subject: RE: [ANN] MD5 1.0.2 Released (OT)
- From: Richter, Jörg <Joerg.Richter@...>
- Date: Wed, 9 May 2007 13:37:04 +0200
MD5 is not as bad as this may sound.
For an overview of what exactly is vulnerable and what not see here:
>For those who have not kept track of developments in
>The MD5 and SHA1 algorithms are both vulnerable to collision
>attacks faster than brute force, in the case of MD5 the attack
>only takes hours on a desktop machine. A collision attack is
>an attack that finds strings a, b where a ~= b but hash(a) == hash(b).
>This may or may not be a problem depending on what you use
>these algorithms for, and how you use them. If you are
>digitally signing strings provided by others it is a problem,
>because your signature matches more than one string.