Date: Mon, 12 May 2003 01:17:08 +0200 From: "Poul-Henning Kamp" <phk@phk.freebsd.dk> To: Stephen Samuel <samuel@bcgreen.com> Cc: bugs@openbsd.org Subject: Re: /dev/random and /dev/urandom Message-ID: <3117.1052695028@critter.freebsd.dk> In-Reply-To: Your message of "Sun, 11 May 2003 16:05:37 PDT." <3EBED741.9050000@bcgreen.com>
next in thread | previous in thread | raw e-mail | index | archive | help
There is one current concern with MD5: over-ratio of collisions. What this means is that it may be a bit too easy to find a MD5 input which generates a given MD5 output. This has an impact where one uses MD5 in authentication schemes like: server client ----------------------------------------------------------- WHO ARE YOU ? (magic=234287234) Calculate MD5(password + 234287234) and send the result: abd344... Calculate MD5(password + 234287234) receive clients bid compare "they are identical, so the client knows the password" OK WELCOME! In such a setting an over-ratio of collisions will at the very least reduce the probabilities and In applications where MD5 is simply used as a bit-blender, this is of no concern. -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3117.1052695028>