Re: MD5 Collisions...

Board: FB_security | Time: 18 years ago (2007/12/04 20:45)
Colin Percival wrote:
> Norberto Meijome wrote:
>> should some kind of advisory be sent to advise people not to rely solely on MD5 checksums? Maybe an update to the man page is due ? :
>>
>> "
>> MD5 has not yet (2001-09-03) been broken, but sufficient attacks have
>> been made that its security is in some doubt. The attacks on MD5 are in
>> the nature of finding ``collisions'' -- that is, multiple inputs which
>> hash to the same value; it is still unlikely for an attacker to be able
>> to determine the exact original input given a hash value.
>> "
>
> I fail to see how the man page is incorrect here. What do you think it should
> be saying instead?

Perhaps, 1st two paras:

==============
Md5 is a cryptographic message digest algorithm. It takes as input a message of arbitrary length and produces as output a 128-bit ``fingerprint'' or ``digest'' of the input. Such algorithms are intended for applications where a large file must be ``compressed'' in a secure manner, suitable as a digital signature or as an input to a public-key cryptosystem for digital signature or encryption purposes.

MD5 is no longer recommended as a cryptographic message digest algorithm, although it functions very well as a big checksum. It is now feasible (2004) to produce two messages having the same MD5 message digest (``collision'' attack), and attacks of this nature are getting better and faster. It is still conjectured to be computationally infeasible (2007) to produce any message having a given prespecified target message digest (``preimage'' attack).
==============

It's worth checking carefully ... discussing the minutiae of cryptographic algorithms is like angels dancing on a pin.

iang
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
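The collision/preimage distinction drawn in the proposed man page text can be seen on a toy scale. The following is an added example, not part of the original message or of FreeBSD: it truncates MD5 to 16 bits (an assumption made so the searches finish quickly) and runs generic brute-force searches, not the 2004 cryptanalytic attack. The names `toy_digest`, `find_collision`, `find_preimage` and the message prefixes are constructed for illustration.

```python
import hashlib
from itertools import count

BITS = 16  # constructed toy digest size: the first 16 bits of MD5


def toy_digest(msg: bytes, bits: int = BITS) -> int:
    """Return the top `bits` bits of the MD5 digest as an integer."""
    full = int.from_bytes(hashlib.md5(msg).digest(), "big")
    return full >> (128 - bits)


def find_collision(bits: int = BITS):
    """Birthday search: ANY two distinct messages sharing a toy digest.

    Expected work is about 2**(bits/2) hashes, because every new digest
    is compared against all digests seen so far.
    """
    seen = {}
    for tries in count(1):
        msg = b"collision-%d" % tries  # constructed inputs
        d = toy_digest(msg, bits)
        if d in seen:
            return seen[d], msg, tries
        seen[d] = msg


def find_preimage(target: int, bits: int = BITS):
    """Preimage search: a message hashing to ONE prespecified toy digest.

    Expected work is about 2**bits hashes, because only one value counts.
    """
    for tries in count(1):
        msg = b"preimage-%d" % tries  # constructed inputs
        if toy_digest(msg, bits) == target:
            return msg, tries


if __name__ == "__main__":
    a, b, c_tries = find_collision()
    target = toy_digest(b"constructed target message")
    m, p_tries = find_preimage(target)
    print(f"collision after {c_tries} hashes: {a!r} / {b!r}")
    print(f"preimage  after {p_tries} hashes: {m!r}")
```

At the full 128 bits the same generic searches would cost roughly 2^64 and 2^128 hashes; the attacks referred to in the thread find MD5 collisions far faster than the generic bound, while no comparable shortcut for preimages is claimed there.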
Article ID (AID): #17LKli00 (FB_security)