Bugtraq mailing list archives

Re: MD5 To Be Considered Harmful Someday

From: "George Georgalis" <george () galis org>
Date: Wed, 8 Dec 2004 16:30:56 -0500

On Tue, Dec 07, 2004 at 08:01:13PM -0800, David Schwartz wrote:

      Yes. At this point, MD5 should no longer be used for
applications where an adversary might have access to the data that
is being signed. That means it's no longer suitable for signing
certificates or authenticating data sent over a peer-to-peer
network. SHA1 with 160-bits is still, as far as we know, suitable for
all of these purposes.


Since you can't possibly mean absolutely suitable, can you clarify your
basis for suitability? I'm not asking for a technical proof, just the
general metrics used to make the determination.

If 160 bit SHA1 is good enough for one application but not another, what
does one need to know to decide for their own application?

// George


-- 
George Georgalis, systems architect, administrator Linux BSD IXOYE
http://galis.org/george/ cell:646-331-2027 mailto:george () galis org

Current thread:

Re: MD5 To Be Considered Harmful Someday, (continued)
- - - Re: MD5 To Be Considered Harmful Someday Gandalf The White (Dec 08)
    - Re: MD5 To Be Considered Harmful Someday Keith Oxenrider (Dec 08)
    - Re: MD5 To Be Considered Harmful Someday Paul Wouters (Dec 08)
    - Re: MD5 To Be Considered Harmful Someday Dan Kaminsky (Dec 08)
    - Re: MD5 To Be Considered Harmful Someday Paul Wouters (Dec 08)
    - Re: MD5 To Be Considered Harmful Someday Adam Shostack (Dec 09)
    - Re: MD5 To Be Considered Harmful Someday Solar Designer (Dec 08)
    - Re: MD5 To Be Considered Harmful Someday Dan Kaminsky (Dec 08)
    - Re: MD5 To Be Considered Harmful Someday Pavel Kankovsky (Dec 09)
    - Re: MD5 To Be Considered Harmful Someday Solar Designer (Dec 13)
    - Re: MD5 To Be Considered Harmful Someday George Georgalis (Dec 08)
    - Re: MD5 To Be Considered Harmful Someday Dan Kaminsky (Dec 08)
  - Re: MD5 To Be Considered Harmful Someday Ruth A. Kramer (Dec 08)
- MD5 To Be Considered Harmful Today Pavel Machek (Dec 08)
  - Re: MD5 To Be Considered Harmful Today Dan Kaminsky (Dec 08)
    - Re: MD5 To Be Considered Harmful Today Pavel Machek (Dec 08)
    - Re: MD5 To Be Considered Harmful Today Dan Kaminsky (Dec 08)
- Re: MD5 To Be Considered Harmful Someday Joel Maslak (Dec 08)
  - Re: MD5 To Be Considered Harmful Someday Jack Lloyd (Dec 08)
  - Re: MD5 To Be Considered Harmful Someday Jack Lloyd (Dec 08)
- RE: MD5 To Be Considered Harmful Someday Rager, Anton (Anton) (Dec 08)