On Fri, Dec 14, 2001 at 07:25:22PM -0600, Mark J Roberts wrote:
> Timm Murray:
> > To my knowledge (which is admittedly limited in this area; well, a lot of
> > areas), MD5 was not completely broken, though it has been weakened somewhat.
> > Not enough to completely deprecate its use, but enough that many
> > cryptographers will even choose something developed by NIST rather than use
> > MD5.
>
> 128-bit hashes are almost vulnerable to birthday attacks. Trying 7
> trillion keys/second for a month may sound outlandish, but you could
> build a special machine if you had a million bucks.
>
> Now it's also true that MD5's compression function likes to spit out
> collisions, but this alone hasn't broken MD5.

Birthday attacks would produce collisions, yes, but if the original file is OK,
the attacker has to produce a new file that

a) has the right length
b) has the right MD5
c) is a valid .DEB (quite a complex format I might add)
d) does something bad

This currently appears rather difficult.

-- 
The road to Tycho is paved with good intentions

_______________________________________________
freenet-tech mailing list
[EMAIL PROTECTED]
http://lists.freenetproject.org/mailman/listinfo/tech
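As an added illustration of the distinction this reply draws between finding any collision and forging a specific file (example code, not part of the thread), the script below estimates birthday-bound versus targeted-search work for a 128-bit hash at the 7 trillion hashes/second rate quoted above, then shows the same gap empirically on MD5 truncated to 30 bits. The attacker rate is the thread's figure; the search caps and sample messages are constructed for this example.

```python
import hashlib
import math

RATE = 7e12  # hashes/second, the figure quoted in the thread


def collision_work(bits: int) -> float:
    """Expected hashes until two random inputs collide (birthday bound)."""
    return math.sqrt(math.pi / 2 * 2.0 ** bits)


def second_preimage_work(bits: int) -> float:
    """Expected hashes to match one fixed digest (what a forged .deb needs)."""
    return 2.0 ** bits


def days_at_rate(hashes: float, rate: float = RATE) -> float:
    return hashes / rate / 86400


def trunc_md5(msg: bytes, bits: int) -> int:
    """MD5 truncated to `bits` bits so the scaling is visible in seconds."""
    return int.from_bytes(hashlib.md5(msg).digest(), "big") >> (128 - bits)


def find_collision(bits: int, limit: int):
    """Birthday search: any two distinct inputs with equal truncated digests.
    Returns (msg_a, msg_b, hashes_used) or None if the cap is reached."""
    seen = {}
    for i in range(limit):
        msg = b"collision-candidate-%d" % i  # constructed inputs
        h = trunc_md5(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg
    return None


def find_second_preimage(target_msg: bytes, bits: int, limit: int):
    """Targeted search for one fixed digest. Returns (msg, hashes_used) or None."""
    target = trunc_md5(target_msg, bits)
    for i in range(limit):
        msg = b"preimage-candidate-%d" % i  # constructed inputs
        if trunc_md5(msg, bits) == target:
            return msg, i + 1
    return None


if __name__ == "__main__":
    print("128-bit collision, days:", round(days_at_rate(collision_work(128)), 1))
    print("128-bit 2nd preimage, days: %.3g" % days_at_rate(second_preimage_work(128)))
    print("30-bit collision:", find_collision(30, 1 << 18))
    print("30-bit 2nd preimage (capped):", find_second_preimage(b"real.deb", 30, 1 << 16))
```

The 128-bit collision estimate lands near the "one month" figure from the thread, while the targeted search stays far beyond reach; at 30 bits the birthday search succeeds in tens of thousands of hashes but the capped targeted search, against a space of about a billion, almost certainly does not.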