Date: Wed, 18 Aug 2004 21:08:12 +0300
From: Claudiu <dr.clau@rdslink.ro>
To: "Peter C. Lai" <sirmoo@cowbert.net>, freebsd-security@freebsd.org
Subject: Re: Report of collision-generation with MD5
Message-ID: <41239B0C.1000703@rdslink.ro>
In-Reply-To: <20040818175804.GI346@cowbert.net>
References: <200408181724.i7IHORYl013375@bunrab.catwhisker.org> <20040818175804.GI346@cowbert.net>

Hello,

please explain what you mean by "reverse the hash". Is this the
recreation of the original message from its hash?

With respect,

Peter C. Lai wrote:
> Well while collisions are cryptographically significant, they don't
> necessarily impact any operational security of the hash. (Since the
> collision merely means that there are possibly two inputs which will hash to
> the same digest). Where this could theoretically mean that someone could
> alter a signed message, we have to look at the chance that what was intended
> to be altered will satisfy the conditions for the collision. The only 'real'
> worry about this issue is that if MD5 is already cryptographically challenged
> in this manner, it may be more possible to find a way to reverse the hash.
>
> You can read the discussion here:
> http://www.rtfm.com/movabletype/archives/2004_08.html#001053
> http://www.rtfm.com/movabletype/archives/2004_03.html#000820
>
> On Wed, Aug 18, 2004 at 10:24:27AM -0700, David Wolfskill wrote:
>
>>Just got a pointer to this via ACM "TechNews Alert" for today:
>>
>>http://www.acm.org/technews/articles/2004-6/0818w.html#item2
>>
>>Seems that "... French computer scientist Antoine Joux reported on
>>Aug. 12 his discovery of a flaw in the MD5 algorithm, which is often
>>used with digital signatures...."
>>
>>There's more in the article cited above.
>>
>>Peace,
>>david
>>--
>>David H. Wolfskill david@catwhisker.org
>>Evidence of curmudgeonliness: becoming irritated with the usage of the
>>word "speed" in contexts referring to quantification of network
>>performance, as opposed to "bandwidth" or "latency."
>>_______________________________________________
>>freebsd-security@freebsd.org mailing list
>>http://lists.freebsd.org/mailman/listinfo/freebsd-security
>>To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
>
>

-- 
Claudiu Dragalina-Paraipan
e-mail: dr.clau@rdslink.ro
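
The difference between a collision (two inputs with the same digest) and "reversing" a hash, read here as a preimage search, can be measured on a toy scale. This is an added example, not part of the original e-mail or thread; truncating MD5 to 16 bits, the function names, and the sample messages are assumptions made so that brute force finishes quickly.

```python
import hashlib
from itertools import count

BITS = 16  # toy digest width (assumption); real MD5 is 128 bits


def toy_md5(data: bytes, bits: int = BITS) -> int:
    """MD5 truncated to its top `bits` bits, so brute force finishes quickly."""
    full = int.from_bytes(hashlib.md5(data).digest(), "big")
    return full >> (128 - bits)


def find_collision(bits: int = BITS):
    """Birthday search: ANY two distinct inputs with the same digest.

    The searcher picks both inputs, so about 2^(bits/2) hashes suffice.
    """
    seen = {}
    for tries in count(1):
        msg = b"collide-%d" % tries
        h = toy_md5(msg, bits)
        if h in seen:
            return seen[h], msg, tries
        seen[h] = msg


def find_preimage(target: int, bits: int = BITS, limit: int = 1 << 22):
    """Preimage search: an input hashing to ONE digest fixed in advance.

    Costs about 2^bits hashes. It yields some input with that digest, not
    necessarily the original, because many inputs share every digest.
    """
    for tries in range(1, limit + 1):
        msg = b"guess-%d" % tries
        if toy_md5(msg, bits) == target:
            return msg, tries
    return None, limit


if __name__ == "__main__":
    a, b, c_tries = find_collision()
    print(f"collision after {c_tries} hashes: {a!r} / {b!r}")
    target = toy_md5(b"signed message")  # constructed sample input
    m, p_tries = find_preimage(target)
    print(f"preimage after {p_tries} hashes: {m!r}")
    print(f"expected work: ~2^{BITS // 2} (collision) vs ~2^{BITS} (preimage)")
```

At the full 128-bit width the same generic searches cost roughly 2^64 and 2^128 hashes, so a shortcut for finding collisions does not by itself give a way to find preimages.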