--- begin forwarded text
From: Nicko van Someren [EMAIL PROTECTED]
Subject: Re: [Mac_crypto] Apple should use SHA! (or stronger) to
authenticate software releases
To: [EMAIL PROTECTED]
Sender: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
List-Id: Macintosh Cryptography mac_crypto.vmeng.com
.
- don davis, boston
To: [EMAIL PROTECTED]
From: Arnold G. Reinhold [EMAIL PROTECTED]
Subject: [Mac_crypto] Apple should use SHA! (or stronger) to authenticate
software
releases
Sender: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
List-Id: Macintosh Cryptography mac_crypto.vmeng.com
--- begin forwarded text
From: Nicko van Someren [EMAIL PROTECTED]
Subject: Re: [Mac_crypto] Apple should use SHA! (or stronger) to
authenticate software releases
To: [EMAIL PROTECTED]
Sender: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
List-Id: Macintosh Cryptography mac_crypto.vmeng.com
--- begin forwarded text
To: [EMAIL PROTECTED]
From: Vinnie Moscaritolo [EMAIL PROTECTED]
Subject: Re: [Mac_crypto] Apple should use SHA! (or stronger) to
authenticate software releases
Sender: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
List-Id: Macintosh Cryptography mac_crypto.vmeng.com
The attacks by Dobbertin on MD5 only allow to find collisions in the
compression function, not the whole MD5 hash.
But it is a sign that something might be fishy about MD5.
MD5 output is 128 bits. There are two types of collision finding
attacks that can be applied. In the first you are given
At 4:51 PM +0100 4/5/04, Nicko van Someren wrote:
...
While I agree that it is somewhat lax of Apple to be using MD5 for
checking its updates it's far from clear to me that an attack of the
sort described above would ever be practical. The problem is that
the while there are methods for
--- begin forwarded text
To: [EMAIL PROTECTED]
From: Arnold G. Reinhold [EMAIL PROTECTED]
Subject: [Mac_crypto] Apple should use SHA! (or stronger) to authenticate
software
releases
Sender: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
List-Id: Macintosh Cryptography mac_crypto.vmeng.com
List
don't know whether he's more of a free agent.
- don davis, boston
To: [EMAIL PROTECTED]
From: Arnold G. Reinhold [EMAIL PROTECTED]
Subject: [Mac_crypto] Apple should use SHA! (or stronger) to authenticate
software
releases
Sender: [EMAIL PROTECTED]
Reply