Date: Mon, 16 Nov 1998 16:03:02 -0500 (EST) From: Thomas Valentino Crimi <tcrimi+@andrew.cmu.edu> To: Robert Watson <robert+freebsd@cyrus.watson.org> Cc: Terry Lambert <tlambert@primenet.com>, freebsd-security@FreeBSD.ORG Subject: Re: Would this make FreeBSD more secure? Message-ID: <kqI9A6m00WB40yF=00@andrew.cmu.edu> In-Reply-To: <Pine.BSF.3.96.981116124210.15576A-100000@fledge.watson.org> References: <Pine.BSF.3.96.981116124210.15576A-100000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Excerpts from mail: 16-Nov-98 Re: Would this make FreeBSD.. by Robert Watson@cyrus.wats > I don't think I would consider md5 broken exactly. Just subject to > intermittent collisions. Is there a deterministic (and fast) way to > detect whether one is employing a hash subject to the described collision > attack? If so, perhaps we can add a piece of code that attempts a number > of values of salt, resulting in a more friendly hash. (I am also tossing in replys to others on the md5 issue) I'm not sure if I was being too rash, but that statement came from a recollection that pseudo-collisions have been found for md5 a quick search turns up http://www.rsa.com/rsalabs/faq/html/3-6-6.html It would seem that it isn't as much of an issue for passwords where long-term security is not an issue, so maybe as a passing comment was a bad idea. I do not, however, fall victim to thinking that as Poul pointed out that I thought the 128-bit keyspace was exhaustable. At most, I was too 'excited' at the pseudo-collisions ;) At the bottom of the same FAQ came the 1994 estimate at an md5 crack, I would wonder if the above information (mostly from 96 and I would imagine more work had been done in the two years since) makes any significant dents in the figure. If not, then I of course retract all statements as to md5 being broken. From my armchair point of view I can't imagine that to be the case, though. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?kqI9A6m00WB40yF=00>