On Apr 7, 2005 2:28 PM, Thierry Zoller <[EMAIL PROTECTED]> wrote: <snippage> > RP> (or do they assume these hashes are 'fingerprints') > Oh... well an one-way hash (Md5,sha etc) technicaly speaking > *IS* a fingerprint because it identifies a UNIQUE file. (collisions > possible but unlikely) > > Please correct me if any of my assumptions above were incorrect. >
As reported over the last few months, MD5 is very broken. MD5 collisions are very easy to generate, with some reports of as little as a few hours needed on reasonable hardware to generate a collision. Here is a page with links to most of the various papers out, including the Wang paper that started this all. http://cryptography.hyperlink.cz/MD5_collisions.html > -- > Thierry Zoller > http://www.sniff-em.com > Mike _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
