Bugtraq mailing list archives
Re: MD5 To Be Considered Harmful Someday
From: Joel Maslak <jmaslak () antelope net>
Date: Tue, 7 Dec 2004 18:46:20 -0700 (MST)
On Mon, 6 Dec 2004, Dan Kaminsky wrote:
I've been doing some analysis on MD5 collision announced by Wang et al. Short version: Yes, Virginia, there is no such thing as a safe hash collision -- at least in a function that's specified to be cryptographically secure. The full details may be acquired at the following link:
The short-term fix seems to be something I've been recommending for a while: Compute hashes with both SHA-1 and MD5. The chance of one algorithm becoming compromised in the mid-term is relatively high IMHO (I was responsible for a PKI system which had to keep integrity for 20 year periods of time - not an easy task considering what we don't know about the future). The chance of two becoming compromised is relatively less. The chance of a problem with MD5 and SHA-1 allowing two different files to have collisions in both algorithms in *BOTH* is very very small. -- Joel
Current thread:
- Re: MD5 To Be Considered Harmful Someday, (continued)
- Re: MD5 To Be Considered Harmful Someday Dan Kaminsky (Dec 08)
- Re: MD5 To Be Considered Harmful Someday Pavel Kankovsky (Dec 09)
- Re: MD5 To Be Considered Harmful Someday Solar Designer (Dec 13)
- Re: MD5 To Be Considered Harmful Someday George Georgalis (Dec 08)
- Re: MD5 To Be Considered Harmful Someday Dan Kaminsky (Dec 08)
- Re: MD5 To Be Considered Harmful Someday Ruth A. Kramer (Dec 08)
- Re: MD5 To Be Considered Harmful Today Dan Kaminsky (Dec 08)
- Re: MD5 To Be Considered Harmful Today Pavel Machek (Dec 08)
- Re: MD5 To Be Considered Harmful Today Dan Kaminsky (Dec 08)
- Re: MD5 To Be Considered Harmful Someday Jack Lloyd (Dec 08)
- Re: MD5 To Be Considered Harmful Someday Jack Lloyd (Dec 08)