MD5 Collisions...

Norberto Meijome freebsd at meijome.net
Sun Dec 2 21:10:59 PST 2007


Hi everyone,

Not sure if you've read http://www.win.tue.nl/hashclash/SoftIntCodeSign/ .

should some kind of advisory be sent to advise people not to rely solely on MD5 checksums? Maybe an update to the man page is due ? :

"     
MD5 has not yet (2001-09-03) been broken, but sufficient attacks have
     been made that its security is in some doubt.  The attacks on MD5 are in
     the nature of finding ``collisions'' -- that is, multiple inputs which
     hash to the same value; it is still unlikely for an attacker to be able
     to determine the exact original input given a hash value.
"

Cheers,
B
_________________________
{Beto|Norberto|Numard} Meijome

If you find a solution and become attached to it, the solution may become your next problem.

I speak for myself, not my employer. Contents may be hot. Slippery when wet. Reading disclaimers makes you go blind. Writing them is worse. You have been Warned.


More information about the freebsd-security mailing list