hi, mr. reinhold --

there's stronger reason than the ones you cite,
to distrust md5 as a message-digest.  see these
old sci.crypt threads, and the google-search below,
for discussions of hans dobbertin's 1996 crack
of md5:

http://tinyurl.com/2ox7g

http://tinyurl.com/3x446

http://google.com/search?q=dobbertin+md5&num=30

btw, in a phone conversation, dobbertin emphasized
to me that his attack only works when md5 is used
as a message-digest; it doesn't work when md5 is
used with a key to prepare a MAC.  he also mentioned
that while sha-1 may be vulnerable to an attack of
a similar style (because sha-1 is similar in struc-
ture to md5), he himself was forbiddden by german
law to work to cryptanalyze sha-1, because he worked
at that time for the german federal security service,
and so wasn't allowed to attack the USG's standard
ciphers.  now he's at ruhr university (in bochum),
but i don't know whether he's more of a free agent.

                                - don davis, boston



> To: [EMAIL PROTECTED]
> From: "Arnold G. Reinhold" <[EMAIL PROTECTED]>
> Subject: [Mac_crypto] Apple should use SHA! (or stronger) to authenticate
> software
>  releases
> Sender: [EMAIL PROTECTED]
> Reply-To: [EMAIL PROTECTED]
> List-Id: Macintosh Cryptography <mac_crypto.vmeng.com>
> List-Archive: <http://www.vmeng.com/pipermail/mac_crypto/>
> Date: Sun, 4 Apr 2004 06:17:55 -0500
>
> The cryptographic hash function MD5 has long been used to
> authenticate software packages, particularly in the Linux/Unix/open
> source community. This has carried over to Apple's OS-X. The MD5 hash
> of an entire package is calculated and its value is transmitted
> separately from the package. Users who download the package compute
> the hash of the copy they received and match that value against the
> original.
...

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to