> In the X509 functions, there are several that compute an MD5
> fingerprint and use only the first four bytes of the resulting 16 byte
> fingerprint (such as X509_subject_name_hash). The MD5
> documentation states that the 16 byte fingerprint is quite unique
> (2^64), how unique is the resulting 32 bit long value?

The MD5 documentation is rather optimistic. :) While it hasn't been
broken, per se, Dobbertin has found enough proof that the IETF
dis-recommends MD5 as a hash mechanism, leaving only SHA-1. (And,
presumably, SHA-nnn when they're released.)

In these cases you mention, however, MD5 isn't being used as a
cryptographic message digest, but rather a hash "hint" for lookups.
No worries, mate.

/r$
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List
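
Added example, not part of the original message and not OpenSSL's code: it puts a number on "how unique" a 32-bit truncated MD5 is with the birthday bound, and shows why collisions are harmless when the value is only a lookup hint. The little-endian byte order, the `NameIndex` class and the byte strings standing in for encoded subject names are assumptions made for illustration.

```python
import hashlib
import math
from collections import defaultdict


def name_hash32(encoded_name: bytes) -> int:
    """MD5 the encoded name and keep only the first four digest bytes."""
    digest = hashlib.md5(encoded_name).digest()
    # Assumption: the four bytes are combined little-endian into one 32-bit value.
    return int.from_bytes(digest[:4], "little")


def collision_probability(n: int, bits: int = 32) -> float:
    """Birthday bound: chance that at least two of n distinct names share a hash."""
    return -math.expm1(-n * (n - 1) / (2 * 2.0 ** bits))


class NameIndex:
    """Hypothetical lookup table keyed by the 32-bit hint.

    The hash only selects a bucket; the full encoded name decides the match,
    so a collision costs one extra comparison and never returns a wrong entry.
    """

    def __init__(self, hash_fn=name_hash32):
        self._hash = hash_fn
        self._buckets = defaultdict(list)

    def add(self, encoded_name: bytes, cert: str) -> None:
        self._buckets[self._hash(encoded_name)].append((encoded_name, cert))

    def find(self, encoded_name: bytes):
        for stored, cert in self._buckets.get(self._hash(encoded_name), []):
            if stored == encoded_name:  # full comparison settles collisions
                return cert
        return None


if __name__ == "__main__":
    for n in (100, 1_000, 10_000, 77_163):
        print(f"{n:>6} names -> P(collision) ~ {collision_probability(n):.6f}")

    # Constructed sample names; the constant hash forces every entry to collide.
    idx = NameIndex(hash_fn=lambda _: 7)
    idx.add(b"CN=Example Root A", "cert-A")
    idx.add(b"CN=Example Root B", "cert-B")
    print(idx.find(b"CN=Example Root B"))
```
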