On 6 Dec 2004 at 16:14, Dan Kaminsky wrote:
> * Many popular P2P networks (and innumerable distributed 
> content databases) use MD5 hashes as both a reliable search 
> handle and a mechanism to ensure file integrity.  This makes 
> them blind to any signature embedded within MD5 collisions. 
> We can use this blindness to track MP3 audio data as it 
> propagates from a custom P2P node.

This seems pretty harmful right now, no need to wait for 

But even back when I implemented Crypto Kong, the orthodoxy was 
that one should use SHA1, even though it is slower than MD5, so 
it seems to me that MD5 was considered harmful back in 1997, 
though I did not know why at the time, and perhaps no one knew 

         James A. Donald

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to