Erwann ABALEA <[EMAIL PROTECTED]> writes:

> On Thu, 6 Dec 2001, Andrew Finnell wrote:
> 
> > digest. I did not know it was a checksum to validate that the data wasn't
> > altered.
> 
> It's more robust than the usual "checksums" (CRC). You can easily fool a
> CRC32, but fooling a cryptographic digest is another matter... In fact,
> for MD5 and SHA1, nobody managed to show a collision.
That's MOSTLY true.  

Hans Dobbertin showed a single compression in the MD5 compression
function but no one in the open community knows how he got it.

Of course, it's obvious that there must be collisions and for
MD5 at least it's technically possible to find them by brute
force, since the birthday attack is 2^64 hard.

This doesn't mean that the use of MD5 in SSL is insecure. The
only property that SSL really requires of MD5 is irreversibility
which is 2^128 hard.

-Ekr


-- 
[Eric Rescorla                                   [EMAIL PROTECTED]]
                http://www.rtfm.com/
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
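As an added illustration of the point above (this is not code from the thread): a birthday search against a digest truncated to 20 bits finds a collision after roughly 2^10 hashes, while finding a preimage for the same truncated digest costs roughly 2^20, the toy analogue of 2^64 versus 2^128 for full MD5. The 20-bit truncation and the message formats are constructed for the demonstration.

```python
import hashlib
import math


def truncated_md5(data: bytes, bits: int) -> int:
    """MD5 of data, keeping only the first `bits` bits (toy short digest)."""
    digest = int.from_bytes(hashlib.md5(data).digest(), "big")
    return digest >> (128 - bits)


def expected_trials(bits: int) -> tuple:
    """(birthday collision cost, preimage cost) in hash evaluations.
    Birthday: about sqrt(pi * N / 2) draws for N = 2^bits outputs.
    Preimage: about N draws, since each trial hits a fixed target with prob 1/N."""
    n = 2 ** bits
    return math.sqrt(math.pi * n / 2), float(n)


def find_collision(bits: int, max_trials: int = 1 << 22):
    """Birthday search: hash distinct constructed messages until two share a
    truncated digest. Returns (msg_a, msg_b, trials) or None."""
    seen = {}
    for i in range(max_trials):
        msg = b"birthday-%d" % i
        h = truncated_md5(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg
    return None


def find_preimage(target: int, bits: int, max_trials: int = 1 << 24):
    """Preimage search: find a message whose truncated digest equals target.
    Returns (msg, trials) or None; the cost grows as 2^bits, not 2^(bits/2)."""
    for i in range(max_trials):
        msg = b"preimage-%d" % i
        if truncated_md5(msg, bits) == target:
            return msg, i + 1
    return None


if __name__ == "__main__":
    bits = 20
    print("expected (collision, preimage):", expected_trials(bits))
    a, b, n = find_collision(bits)
    print("collision after %d hashes: %r vs %r" % (n, a, b))
    target = truncated_md5(b"hello", bits)
    m, n = find_preimage(target, bits)
    print("preimage after %d hashes: %r" % (n, m))
```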