From owner-freebsd-security@FreeBSD.ORG Thu Aug 19 09:45:26 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C89C416A4CE for ; Thu, 19 Aug 2004 09:45:26 +0000 (GMT) Received: from sollube.sarenet.es (sollube.sarenet.es [192.148.167.16]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6556143D48 for ; Thu, 19 Aug 2004 09:45:26 +0000 (GMT) (envelope-from borjamar@sarenet.es) Received: from [172.16.1.6] (ns10-sarenetlan-dhcp.sarenet.es [192.148.167.10]) by sollube.sarenet.es (Postfix) with ESMTP id 77429CCF; Thu, 19 Aug 2004 11:45:25 +0200 (CEST) In-Reply-To: <200408190935.i7J9ZLrT025111@cairo.anu.edu.au> References: <200408190935.i7J9ZLrT025111@cairo.anu.edu.au> Mime-Version: 1.0 (Apple Message framework v619) Content-Type: text/plain; charset=US-ASCII; format=flowed Message-Id: <8E285C78-F1C4-11D8-9F60-000393C94468@sarenet.es> Content-Transfer-Encoding: 7bit From: Borja Marcos Date: Thu, 19 Aug 2004 11:45:50 +0200 To: Darren Reed X-Mailer: Apple Mail (2.619) cc: freebsd-security@freebsd.org Subject: Re: Report of collision-generation with MD5 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Aug 2004 09:45:26 -0000 > Someone I was talking to made a point of highlighting that this is > what the Chinese Government is allowing to be published in this area > of research. That's enough to make you wonder what they've > discovered but not published... There is a fine line between false sense of security and conspiranoia, and when using *any* cryptographic system (which includes algorithms) you must decide where to put your trust. I think (this is a personal opinion) that such an important discovery is really hard to keep secret. Since cryptography became a public research area, it is quite likely for important discoveries to be widely known. Of course, researchers working for government agencies can keep their discoveries secret, but bear in mind that an apparently "harmless" Mathematics discovery can have a dramatic impact on cryptography. Although the example is obvious, imagine an article with a title such as: "A faster method to factorize integers constructed as the product of two primes given the constraints...". It could have a dramatic impact on the security of any system using the RSA algorithm. Do you think it is so easy to filter Mathematics research reports? This is the joy of basic research. In many cases (of course you know in my example!) you don't really know what the practical applications/consequences will be. Borja.