Weger, B.M.M. de wrote: > We also announce two different Win32 executables that > have identical MD5 hash values. This can be made to > happen for any two executable files. This implies a > vulnerability in software integrity protection and > code signing schemes that still use MD5. See > http://www.win.tue.nl/hashclash/SoftIntCodeSign for > details.
That MD5 is broken is of course old news. I observe that US authorities have decided on a hash, found it was broken, decided on a new hash, found it was broken also, and are now where we are. Russian authorities decided on a 256 bit hash in 1990: GOST R 34.11-94. It is still good as far as anyone knows, and has never needed to be changed. This entirely confirms my prejudices about the US government cryptographers. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
