Erwann ABALEA <[EMAIL PROTECTED]> writes:
> On Thu, 6 Dec 2001, Andrew Finnell wrote:
>
> > digest. I did not know it was a checksum to validate that the data wasn't
> > altered.
>
> It's more robust than the usual "checksums" (CRC). You can easily fool a
> CRC32, but fooling a cryptographic digest is another matter... In fact,
> for MD5 and SHA1, nobody managed to show a collision.

That's MOSTLY true.

Hans Dobbertin showed a single compression in the MD5 compression function, but no one in the open community knows how he got it. Of course, it's obvious that there must be collisions, and for MD5 at least it's technically possible to find them by brute force, since the birthday attack is 2^64 hard.

This doesn't mean that the use of MD5 in SSL is insecure. The only property that SSL really requires of MD5 is irreversibility, which is 2^128 hard.

-Ekr

--
[Eric Rescorla [EMAIL PROTECTED]]
http://www.rtfm.com/
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                       [EMAIL PROTECTED]
Automated List Manager                          [EMAIL PROTECTED]
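The two points made in this exchange, that a CRC32 is trivial to collide while an n-bit cryptographic digest costs roughly 2^(n/2) work for a collision (2^64 for MD5) and 2^n for a preimage (2^128), can be shown with a small birthday search. The script below is an added example and not part of the thread; it uses Python's standard zlib and hashlib, generates its own seeded random 8-byte messages, and the search budgets (2^19 tries for CRC32, 2^16 for MD5) are choices made for this illustration. It finds two distinct messages with the same CRC32 in well under a second, shows that those same two messages have different MD5 digests, and gives up on MD5 within the same budget, which is exactly why a checksum detects accidental corruption but says nothing about deliberate tampering.

```python
import hashlib
import random
import zlib


def crc32_digest(msg: bytes) -> bytes:
    """CRC32 rendered as a 4-byte value so it can be compared like a digest."""
    return zlib.crc32(msg).to_bytes(4, "big")


def md5_digest(msg: bytes) -> bytes:
    """MD5 digest (16 bytes); used here only to contrast with the CRC."""
    return hashlib.md5(msg).digest()


def birthday_work(bits: int) -> float:
    """Rough expected work to find *some* collision for an n-bit digest: 2^(n/2).

    For CRC32 this is 2^16 hashes; for MD5 it is the 2^64 mentioned in the thread.
    """
    return 2.0 ** (bits / 2)


def preimage_work(bits: int) -> float:
    """Rough expected work to invert an n-bit digest (find any input for a
    given output): 2^n, i.e. 2^128 for MD5."""
    return 2.0 ** bits


def find_collision(digest, max_tries: int, seed: int = 1):
    """Generic birthday search.

    Hashes random 8-byte messages (constructed here, seeded for reproducibility)
    until two distinct messages share a digest.  Returns (m1, m2) on success or
    None when the try budget is exhausted.  Memory grows with max_tries, which
    is the classic space/time trade-off of a naive birthday search.
    """
    rng = random.Random(seed)
    seen = {}  # digest -> first message that produced it
    for _ in range(max_tries):
        msg = rng.getrandbits(64).to_bytes(8, "big")
        d = digest(msg)
        other = seen.get(d)
        if other is not None and other != msg:
            return other, msg
        seen[d] = msg
    return None


def same_crc_different_md5(m1: bytes, m2: bytes) -> bool:
    """True when two messages collide under CRC32 yet still differ under MD5,
    i.e. the checksum is fooled but the cryptographic digest is not."""
    return (m1 != m2
            and crc32_digest(m1) == crc32_digest(m2)
            and md5_digest(m1) != md5_digest(m2))


if __name__ == "__main__":
    # Expected effort from the birthday bound, for the sizes in the thread.
    print(f"CRC32 collision ~2^{birthday_work(32).__int__().bit_length() - 1} hashes")
    print(f"MD5 collision   ~2^64 hashes -> {birthday_work(128):.3e}")
    print(f"MD5 preimage    ~2^128 hashes -> {preimage_work(128):.3e}")

    # A 32-bit checksum falls to a few hundred thousand random messages.
    pair = find_collision(crc32_digest, 1 << 19)
    m1, m2 = pair
    print("CRC32 collision:", m1.hex(), m2.hex(), "crc =", crc32_digest(m1).hex())
    print("Same MD5?", md5_digest(m1) == md5_digest(m2))

    # The identical search gets nowhere against MD5 in a comparable budget.
    print("MD5 collision in 2^16 tries:", find_collision(md5_digest, 1 << 16))
```

The practical consequence for anyone relying on a checksum for integrity: a CRC is fine for catching line noise or a bad disk sector, but an adversary who can pick the bytes picks a colliding message at will, so tamper resistance needs a cryptographic digest, and if the attacker can also replace the digest, a keyed MAC or a signature rather than a bare hash.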