MD5 Collisions...

Norberto Meijome freebsd at meijome.net
Tue Dec 4 17:44:52 PST 2007


On Tue, 04 Dec 2007 13:43:39 +0100
Iang <iang at iang.org> wrote:

> Perhaps, 1st two paras:
> 
> 
> ==============
> Md5 is a cryptographic message digest algorithm.  It takes 
> as input a message of arbitrary length and produces as 
> output a 128-bit ``fingerprint'' or ``digest'' of the input. 
> Such algorithms are intended for applications where a 
> large file must be ``compressed'' in a secure manner, 
> suitable as a digital signature or as an input to a 
> public-key cryptosystem for digital signature or encryption 
> purposes.
> 
> MD5 is no longer recommended as a cryptographic message 
> digest algorithm, although it functions very well as a big 
> checksum.  It is now feasible (2004) to produce two messages 
> having the same MD5 message digest (``collision'' attack), 
> and attacks of this nature are getting better and faster. 
> It is still conjectured to be computationally infeasible 
> (2007) to produce any message having a given prespecified 
> target message digest (``preimage'' attack).
> ==============
> 
> 
> 
> It's worth checking carefully ... discussing the minutiae of 
> cryptographic algorithms is like angels dancing on a pin.

Thanks Iang, looks good to me.

BTW, I just checked man 3 md5, and it may need updating; it refers to 1999:
"
MD5 has not yet (1999-02-11) been broken, but sufficient attacks
have been made that its security is in some doubt....
"
B


_________________________
{Beto|Norberto|Numard} Meijome

Commitment is active, not passive. Commitment is doing whatever you can to
bring about the desired result. Anything less is half-hearted.

I speak for myself, not my employer. Contents may be hot. Slippery when wet.
Reading disclaimers makes you go blind. Writing them is worse. You have been
Warned.
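The quoted paragraph distinguishes collision attacks (two messages that share a digest, feasible for MD5 since 2004) from preimage attacks (a message matching a given digest, still conjectured infeasible in 2007). The example below, added here and not part of the thread or of FreeBSD's md5(3), shows the reason the two differ in difficulty: a generic collision search costs about 2^(n/2) hashes (the birthday bound) while a generic preimage search costs about 2^n. It truncates MD5 to a few bits so the effect is observable in well under a second; the message namespaces `msg-i` and `pre-i` are constructed sample inputs, and truncation is a toy model, not an attack on real MD5.

```python
import hashlib
import itertools

# Toy model: keeping only the first `bits` bits of MD5 shrinks the
# work factors enough to measure them directly.  Nothing here weakens
# real 128-bit MD5; it only illustrates the birthday bound.


def truncated_md5(data: bytes, bits: int) -> int:
    """Return the first `bits` bits of MD5(data) as an integer."""
    digest = hashlib.md5(data).digest()
    return int.from_bytes(digest, "big") >> (128 - bits)


def find_collision(bits: int):
    """Birthday search: hash distinct messages until two share a truncated
    digest.  Expected work is roughly 2**(bits/2) hashes.

    Returns (m1, m2, hashes_computed).
    """
    seen = {}  # truncated digest -> first message that produced it
    for i in itertools.count():
        msg = f"msg-{i}".encode()  # constructed sample message
        h = truncated_md5(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg


def find_preimage(target: int, bits: int, budget: int):
    """Brute-force search for any message whose truncated digest equals
    `target`.  Expected work is roughly 2**bits hashes, so a budget on the
    order of 2**(bits/2) almost always comes back empty.

    Returns (message_or_None, hashes_computed).
    """
    for i in range(budget):
        msg = f"pre-{i}".encode()  # separate namespace from find_collision
        if truncated_md5(msg, bits) == target:
            return msg, i + 1
    return None, budget


def demo(bits: int = 24):
    """Run both searches with the same hash budget and report the outcome."""
    m1, m2, collision_work = find_collision(bits)
    target = truncated_md5(m1, bits)
    found, preimage_work = find_preimage(target, bits, budget=collision_work)
    return {
        "collision_messages": (m1, m2),
        "collision_work": collision_work,
        "full_md5_differ": hashlib.md5(m1).hexdigest()
        != hashlib.md5(m2).hexdigest(),
        "preimage_found": found,
        "preimage_work": preimage_work,
    }


if __name__ == "__main__":
    result = demo()
    print(f"collision after {result['collision_work']} hashes: "
          f"{result['collision_messages']}")
    print(f"preimage found within the same budget: "
          f"{result['preimage_found'] is not None}")
```

At 24 bits the collision typically turns up after a few thousand hashes, while the preimage search with the same budget almost never succeeds; it would need on the order of sixteen million. That asymmetry is why real-world collision attacks on MD5 appeared first and why "still no preimage attack" is not a reason to keep relying on MD5 where an attacker can choose both inputs (certificates, signed documents).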

