From owner-freebsd-security Fri Jun 7 20:10:28 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id UAA26788 for security-outgoing; Fri, 7 Jun 1996 20:10:28 -0700 (PDT)
Received: from critter.tfs.com ([140.145.16.108]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id UAA26772; Fri, 7 Jun 1996 20:10:23 -0700 (PDT)
Received: from critter.tfs.com (localhost [127.0.0.1]) by critter.tfs.com (8.7.5/8.7.3) with ESMTP id UAA01595; Fri, 7 Jun 1996 20:09:55 -0700 (PDT)
To: Steve Reid
cc: freebsd-security@freebsd.org
Subject: Re: MD5 broken (not quite)
In-reply-to: Your message of "Fri, 07 Jun 1996 19:55:12 PDT."
Date: Fri, 07 Jun 1996 20:09:55 -0700
Message-ID: <1593.834203395@critter.tfs.com>
From: Poul-Henning Kamp
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

>> Until somebody comes up with a way of solving A = MD5(X) for some given
>> value of A then you don't need to worry too much.
>
>That would definitely be the end of MD5, but AFAIK (I'm not a crypto
>expert) reversing a hash is harder than finding real-world collisions
>where MD5(X) = MD5(Y), which would also be the end of MD5 in many (but not
>all) applications.

If you want to substitute MD5(Y) for A I'm game, for all I care you
can substitute sin(y) if you want :-)

--
Poul-Henning Kamp           | phk@FreeBSD.ORG       FreeBSD Core-team.
http://www.freebsd.org/~phk | phk@login.dknet.dk    Private mailbox.
whois: [PHK]                | phk@ref.tfs.com       TRW Financial Systems, Inc.
Future will arrive by its own means, progress not so.