From: Norberto Meijome
To: Iang
Cc: freebsd-security@freebsd.org, Colin Percival
Date: Wed, 5 Dec 2007 12:44:45 +1100
Subject: Re: MD5 Collisions...
Message-ID: <20071205124445.792e8fd5@meijome.net>
In-Reply-To: <47554B7B.90803@iang.org>
References: <20071203154412.461d0faf@meijome.net> <4754D6C2.3030005@freebsd.org> <47554B7B.90803@iang.org>

On Tue, 04 Dec 2007 13:43:39 +0100 Iang wrote:

> Perhaps, 1st two paras:
>
> ==============
> Md5 is a cryptographic message digest algorithm. It takes
> as input a message of arbitrary length and produces as
> output a 128-bit ``fingerprint'' or ``digest'' of the input.
> Such algorithms are intended for applications where a
> large file must be ``compressed'' in a secure manner,
> suitable as a digital signature or as an input to a
> public-key cryptosystem for digital signature or encryption
> purposes.
>
> MD5 is no longer recommended as a cryptographic message
> digest algorithm, although it functions very well as a big
> checksum. It is now feasible (2004) to produce two messages
> having the same MD5 message digest (``collision'' attack),
> and attacks of this nature are getting better and faster.
> It is still conjectured to be computationally infeasible
> (2007) to produce any message having a given prespecified
> target message digest (``preimage'' attack).
> ==============
>
> It's worth checking carefully ... discussing the minutiae of
> cryptographic algorithms is like angels dancing on a pin.

Thanks Iang - looks good to me.

BTW, I just checked man 3 md5, and it may need updating - it refers to 1999:

"MD5 has not yet (1999-02-11) been broken, but sufficient attacks have been made that its security is in some doubt...."

B

_________________________
{Beto|Norberto|Numard} Meijome

Commitment is active, not passive. Commitment is doing whatever you can to bring about the desired result. Anything less is half-hearted.

I speak for myself, not my employer. Contents may be hot. Slippery when wet. Reading disclaimers makes you go blind. Writing them is worse. You have been Warned.
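The collision-versus-checksum distinction drawn in the quoted man page text, shown concretely as an added example that is not part of this thread or of md5(3): it uses the colliding 128-byte block pair published by Wang et al. in 2004 (a public constant, not anything from the list), checks that MD5 still catches a single accidental bit flip, and shows that the collision survives any common appended suffix because MD5 is a Merkle-Damgard construction.

```python
import hashlib

# The two 128-byte messages published by Wang et al. (2004). They differ in
# six bytes yet share one MD5 digest. These are the published values; they
# are not taken from the mailing-list post or the man page.
M1 = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70")
M2 = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70")


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def differing_offsets(a: bytes, b: bytes) -> list:
    """Byte positions at which two equal-length messages differ."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


def collision_demo(suffix: bytes = b"") -> dict:
    """Compare M1||suffix and M2||suffix under MD5 and SHA-256.

    The two messages are the same length and leave MD5 in the same internal
    state after their second block, so any shared suffix keeps the collision
    (a Merkle-Damgard property). SHA-256 has no such relationship for them.
    """
    a, b = M1 + suffix, M2 + suffix
    return {
        "md5_collides": md5_hex(a) == md5_hex(b),
        "sha256_collides": hashlib.sha256(a).digest() == hashlib.sha256(b).digest(),
        "n_diff_bytes": len(differing_offsets(a, b)),
    }


def checksum_detects_bitflip(data: bytes, bit: int) -> bool:
    """MD5 as a 'big checksum': one flipped bit of accidental corruption
    still yields a different digest, which is all a checksum needs."""
    corrupted = bytearray(data)
    corrupted[bit // 8] ^= 1 << (bit % 8)
    return md5_hex(data) != md5_hex(bytes(corrupted))


if __name__ == "__main__":
    print(md5_hex(M1), md5_hex(M2), collision_demo(b"shared trailer"))
```

The deliberate collision is what makes MD5 unfit for signatures, while the bit-flip check is why the man page can still call it a usable checksum.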