Date: Thu, 19 Aug 2004 11:45:50 +0200 From: Borja Marcos <borjamar@sarenet.es> To: Darren Reed <avalon@cairo.anu.edu.au> Cc: freebsd-security@freebsd.org Subject: Re: Report of collision-generation with MD5 Message-ID: <8E285C78-F1C4-11D8-9F60-000393C94468@sarenet.es> In-Reply-To: <200408190935.i7J9ZLrT025111@cairo.anu.edu.au> References: <200408190935.i7J9ZLrT025111@cairo.anu.edu.au>
next in thread | previous in thread | raw e-mail | index | archive | help
> Someone I was talking to made a point of highlighting that this is > what the Chinese Government is allowing to be published in this area > of research. That's enough to make you wonder what they've > discovered but not published... There is a fine line between false sense of security and conspiranoia, and when using *any* cryptographic system (which includes algorithms) you must decide where to put your trust. I think (this is a personal opinion) that such an important discovery is really hard to keep secret. Since cryptography became a public research area, it is quite likely for important discoveries to be widely known. Of course, researchers working for government agencies can keep their discoveries secret, but bear in mind that an apparently "harmless" Mathematics discovery can have a dramatic impact on cryptography. Although the example is obvious, imagine an article with a title such as: "A faster method to factorize integers constructed as the product of two primes given the constraints...". It could have a dramatic impact on the security of any system using the RSA algorithm. Do you think it is so easy to filter Mathematics research reports? This is the joy of basic research. In many cases (of course you know in my example!) you don't really know what the practical applications/consequences will be. Borja.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?8E285C78-F1C4-11D8-9F60-000393C94468>