On Thu, Jun 13, 2002 at 12:38:15PM +0200, Sergio Rodríguez de Guzmán Martínez wrote:
> [EMAIL PROTECTED] (2002-06-13 at 0330.28 -0300):
> >
> > Yes. MD5 has had some very minor breaks. It is easier to find
> > hash collisions than it should be. This means that it is possible to find
> > two messages that hash to the same value. You need to choose _both_
> > messages, so this doesn't help you e.g. make trojan binaries that have the
> > same MD5 hash as the originals.
>
> MD5 generates a hash of 128 bits so the probability of finding a
> collision is 1/(2^128). So it seems that it is not so easy to find such
> a collision.

It is possible to do better than those odds when dealing with MD5, if you
get to choose both messages. That's why I said MD5 has had some breaks
against it; cryptanalysis has resulted in an improvement over random
selection of message pairs for generating collisions.

> Of course SHA is more secure; it generates a hash of 160 bits so the
> probability of finding a collision is lower than MD5.

We were talking about MD5-96 and SHA1-96 message authentication codes for
the SSH protocol. I'm assuming that MD5-96 means that 96 bits of the MD5
hash are used, not all 128. Same goes for SHA-1. Since the same number of
bits is used, the strength against brute force collision-generation
attempts is equal. MD5 should be considered less secure than SHA-1
because of the breaks found in it so far. AFAIK, there is no way to speed
up finding a collision for a given message, but it is reasonable to assume
that the likelihood of one being found is greater than for SHA-1.

BTW, you shouldn't say "of course". Producing a longer hash is not all
there is to making a secure hash function.

-- 
#define X(x,y) x##y
Peter Cordes ;  e-mail: X([EMAIL PROTECTED] , ns.ca)

"The gods confound the man who first found out how to distinguish the hours!
 Confound him, too, who in this place set up a sundial, to cut and hack
 my day so wretchedly into small pieces!" -- Plautus, 200 BCE
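The distinction the thread turns on (choosing both messages versus matching one that is already fixed) can be measured directly on a truncated MD5. The following is an added illustration, not code from the thread: it assumes that a -96 variant keeps the leading 96 of the 128 bits, and it runs the two searches at much smaller widths only so they finish in seconds.

```python
import hashlib
import math
from itertools import count


def truncated_md5(data: bytes, bits: int) -> int:
    """MD5 of `data`, keeping only the leading `bits` bits.
    Assumption: a *-96 MAC keeps the leading 96 of 128 bits; the small
    widths used below exist only so the searches finish quickly."""
    digest = hashlib.md5(data).digest()
    return int.from_bytes(digest, "big") >> (128 - bits)


def find_collision(bits: int, seed: bytes = b"msg-"):
    """Birthday search where the attacker picks BOTH messages.
    Expected trials ~ sqrt(pi/2 * 2**bits). Returns (m1, m2, trials)."""
    seen = {}  # truncated hash -> the message that produced it
    for i in count():
        m = seed + i.to_bytes(8, "big")  # constructed, pairwise-distinct messages
        h = truncated_md5(m, bits)
        if h in seen:
            return seen[h], m, i + 1
        seen[h] = m


def find_second_preimage(target: bytes, bits: int, seed: bytes = b"alt-"):
    """The 'trojan binary' case: the target is fixed by someone else.
    Expected trials ~ 2**bits, the square of the birthday cost. Returns (m, trials)."""
    want = truncated_md5(target, bits)
    for i in count():
        m = seed + i.to_bytes(8, "big")
        if m != target and truncated_md5(m, bits) == want:
            return m, i + 1


def expected_work(bits: int) -> tuple:
    """Theoretical trial counts for a `bits`-bit hash: (birthday, second preimage)."""
    return math.sqrt(math.pi / 2 * 2 ** bits), float(2 ** bits)


if __name__ == "__main__":
    for bits in (96, 128, 160):  # MD5-96 / SHA1-96, full MD5, full SHA-1
        b, p = expected_work(bits)
        print(f"{bits:3d} bits: birthday ~2^{math.log2(b):.1f}, second preimage 2^{math.log2(p):.0f}")
    m1, m2, n = find_collision(24)
    print(f"24-bit collision after {n} trials (expected ~{expected_work(24)[0]:.0f})")
    m, n = find_second_preimage(b"original", 16)
    print(f"16-bit second preimage after {n} trials (expected ~{expected_work(16)[1]:.0f})")
```

The 96-bit row shows why truncating both MACs to the same width equalises their brute-force collision cost at roughly 2^48, while leaving the fixed-target cost at 2^96.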

