Date: Fri, 20 Sep 1996 14:50:21 +1000
From: Stephen Hocking <sysseh@devetir.qld.gov.au>
To: security@freebsd.org
Subject: Possible MD5 weakness (fwd from PEM)
Message-ID: <199609200450.EAA26487@netfl15a.devetir.qld.gov.au>
>Date: Fri, 13 Sep 1996 16:09:30 -0700 (PDT)
>From: Ned Freed <Ned.Freed@innosoft.com>
>Subject: Re: TFM needed ro R
>To: David Rudder <drig@magicweb.com>
>Cc: pem-dev@TIS.COM
>Message-Id: <01I9FPRGR3US8Y5I6P@INNOSOFT.COM>
>Mime-Version: 1.0
>Content-Type: TEXT/PLAIN; charset=US-ASCII
>Content-Transfer-Encoding: 7BIT
>Sender: pem-dev-approval@neptune.hq.tis.com
>Precedence: bulk

> RIPEM and SSLeay seem to like MD5. RIPEM uses MD2 for its X.509
> certificates but MD5 for its MIC-Info. There are a bunch of MD5
> programs out there and a number written in Java. Bruce Schneier says "I am
> wary of MD5" on page 441 of Applied Cryptography. He states before that
> that MD5 hasn't been proven insecure, but weaknesses have been found in
> the compression function. If he is wary of this algorithm, then why is
> it so popular? It's by far more prevalent than any other message digest
> I've seen.

It is worse than Schneier says -- there are newer results now. See the current issue of RSA's CryptoBytes publication, Volume 2 Number 2, Summer 1996, for details. Online copies are available at http://www.rsa.com/rsalabs/cryptobytes/.

The bottom line is that new applications should no longer specify MD5 as a MIC. And MD2 has been obsolete for some time. Use either SHA-1 or RIPEMD-160. (I prefer the former.)

Ned

Stephen
--
The views expressed above are not those of the Worker's Compensation Board of Queensland, Australia.
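Added example, not part of the forwarded thread or of RIPEM: a PEM MIC-Info policy check that applies the recommendation above, refusing MD2 and MD5 MICs and accepting SHA-1 or RIPEMD-160. It assumes the RFC 1421 header shape `MIC-Info: <mic-alg>,<ik-alg>,<base64 MIC>`; RFC 1421 registers only RSA-MD2 and RSA-MD5 as digest names, so the identifiers RSA-SHA1 and RSA-RIPEMD160 used here are assumed placeholders, and the sample headers and their base64 field are constructed.

```python
import hashlib

# Digests the thread calls obsolete, with the stated reason, and the assumed
# identifiers for the two digests it recommends (names are placeholders).
DEPRECATED = {"RSA-MD2": "obsolete for some time",
              "RSA-MD5": "weaknesses in the compression function"}
ALLOWED = {"RSA-SHA1": "sha1", "RSA-RIPEMD160": "ripemd160"}

def parse_mic_info(header: str) -> tuple[str, str, str]:
    """Split 'MIC-Info: mic-alg,ik-alg,b64' into three fields (alg upper-cased)."""
    name, _, value = header.partition(":")
    if name.strip().lower() != "mic-info":
        raise ValueError("not a MIC-Info header")
    fields = [f.strip() for f in value.split(",")]
    if len(fields) != 3 or not all(fields):
        raise ValueError("MIC-Info needs exactly three comma-separated fields")
    return fields[0].upper(), fields[1].upper(), fields[2]

def canonicalize(text: str) -> bytes:
    """RFC 1421 canonical form: every line terminated by CRLF before digesting."""
    lines = text.replace("\r\n", "\n").split("\n")
    if lines and lines[-1] == "":
        lines.pop()  # a trailing newline does not add an empty line
    return "".join(line + "\r\n" for line in lines).encode()

def check_mic_alg(mic_alg: str) -> tuple[bool, str]:
    """Policy decision for the digest named in a MIC-Info header."""
    if mic_alg in DEPRECATED:
        return False, f"{mic_alg} refused: {DEPRECATED[mic_alg]}"
    if mic_alg not in ALLOWED:
        return False, f"{mic_alg} refused: not an approved MIC algorithm"
    try:
        hashlib.new(ALLOWED[mic_alg])
    except ValueError:  # e.g. RIPEMD-160 absent from this OpenSSL build
        return False, f"{mic_alg} approved but unavailable in this hashlib build"
    return True, f"{mic_alg} accepted"

def mic_digest(mic_alg: str, canonical_body: bytes) -> str:
    """Hex digest of the canonical body; raises if policy refuses the algorithm."""
    ok, reason = check_mic_alg(mic_alg)
    if not ok:
        raise ValueError(reason)
    return hashlib.new(ALLOWED[mic_alg], canonical_body).hexdigest()

# Constructed sample headers; the base64 field is a placeholder, not a real MIC.
LEGACY_HEADER = "MIC-Info: RSA-MD5,RSA,UGxhY2Vob2xkZXJNSUM="
NEW_HEADER = "MIC-Info: RSA-SHA1,RSA,UGxhY2Vob2xkZXJNSUM="

if __name__ == "__main__":
    for hdr in (LEGACY_HEADER, NEW_HEADER):
        print(hdr, "->", check_mic_alg(parse_mic_info(hdr)[0])[1])
```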