Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 5 Dec 2007 12:44:45 +1100
From:      Norberto Meijome <freebsd@meijome.net>
To:        Iang <iang@iang.org>
Cc:        freebsd-security@freebsd.org, Colin Percival <cperciva@freebsd.org>
Subject:   Re: MD5 Collisions...
Message-ID:  <20071205124445.792e8fd5@meijome.net>
In-Reply-To: <47554B7B.90803@iang.org>
References:  <20071203154412.461d0faf@meijome.net> <4754D6C2.3030005@freebsd.org> <47554B7B.90803@iang.org>
index | next in thread | previous in thread | raw e-mail 

On Tue, 04 Dec 2007 13:43:39 +0100
Iang <iang@iang.org> wrote:

> Perhaps, 1st two paras:
> 
> 
> ==============
> Md5 is a cryptographic message digest algorithm.  It takes 
> as input a message of arbitrary length and produces as 
> output a 128-bit ``fingerprint'' or ``digest'' of the input. 
>   Such algorithms are intended for applications where a 
> large file must be ``compressed'' in a secure manner, 
> suitable as a digital signature or as an input to a 
> public-key cryptosystem for digital signature or encryption 
> purposes.
> 
> MD5 is no longer recommended as a cryptographic message 
> digest algorithm, although it functions very well as a big 
> checksum.  It is now feasible (2004) to produce two messages 
> having the same MD5 message digest (``collision'' attack), 
> and attacks of this nature are getting better and faster. 
> It is still conjectured to be computationally infeasible 
> (2007) to produce any message having a given prespecified 
> target message digest (``preimage'' attack).
> ==============
> 
> 
> 
> It's worth checking carefully ... discussing the minutiae of 
> cryptographic algorithms is like angels dancing on a pin.

thanks Iang - looks good to me.

btw, i just checked man 3 md5 , and it may need updating - it refers to 1999..
"
 MD5 has not yet (1999-02-11) been broken, but sufficient attacks
     have been made that its security is in some doubt....
"
B


_________________________
{Beto|Norberto|Numard} Meijome

Commitment is active, not passive. Commitment is doing whatever you can to
bring about the desired result. Anything less is half-hearted.

I speak for myself, not my employer. Contents may be hot. Slippery when wet.
Reading disclaimers makes you go blind. Writing them is worse. You have been
Warned.
home | help

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20071205124445.792e8fd5>