From: Thomas Valentino Crimi <tcrimi+@andrew.cmu.edu>
To: Robert Watson
Cc: Terry Lambert, freebsd-security@FreeBSD.ORG
Date: Mon, 16 Nov 1998 16:03:02 -0500 (EST)
Subject: Re: Would this make FreeBSD more secure?

Excerpts from mail: 16-Nov-98 Re: Would this make FreeBSD.. by Robert Watson@cyrus.wats
> I don't think I would consider md5 broken exactly. Just subject to
> intermittent collisions. Is there a deterministic (and fast) way to
> detect whether one is employing a hash subject to the described collision
> attack? If so, perhaps we can add a piece of code that attempts a number
> of values of salt, resulting in a more friendly hash.
(I am also tossing in replies to others on the md5 issue.)

I'm not sure if I was being too rash, but that statement came from a recollection that pseudo-collisions have been found for md5; a quick search turns up http://www.rsa.com/rsalabs/faq/html/3-6-6.html

It would seem that it isn't as much of an issue for passwords, where long-term security is not an issue, so maybe making it as a passing comment was a bad idea. I do not, however, fall victim to thinking, as Poul pointed out that I did, that the 128-bit keyspace is exhaustible. At most, I was too 'excited' at the pseudo-collisions ;)

At the bottom of the same FAQ is the 1994 estimate for an md5 crack; I would wonder if the above information (mostly from '96, and I would imagine more work has been done in the two years since) makes any significant dents in the figure. If not, then I of course retract all statements as to md5 being broken. From my armchair point of view I can't imagine that to be the case, though.