Damien Miller wrote:
On Wed, 15 Mar 2006, Ed Gerck wrote:
[snip]
...allows the detection of man-in-the-middle (MiTM) attacks by
displaying a short authentication string for the users to read and
compare over the phone.
Depends on the trust model. May not work.
This is incomplete. The
On 3/17/06, Weger, B.M.M. de [EMAIL PROTECTED] wrote:
You might be interested in knowing that my MSc student
Marc Stevens has found a considerable speedup of MD5
collision generation. His improvements of Wang's method
enable one to make MD5 collisions typically in one
minute on a PC;
That's not what I described. An attacker uses his own ZID
and valid shared secrets that he creates with A and B on
some prior occasion. In other words -
* M talks to A as himself. This creates cached AM secret.
* M talks to B as himself. This creates cached BM secret.
* M intercepts A-B
Congratulations to Marc Stevens, who described a method for fast
collision attack on MD5!
Just now (! it is a collision !) I have finished the translation of
my paper Vlastimil Klima: Tunnels in Hash Functions: MD5 Collisions
Within a Minute.
It is based on a new method, tunneling. Using it on