[lug] Interesting sum "weakness"
Tkil
tkil at scrye.com
Wed Sep 13 21:43:10 MDT 2000
more information on the MD5 issues:
http://www.math.fu-berlin.de/~guckes/md5/
gives references to the collision work (scroll down to the section
entitled "MD5 - Security").
http://www.vpnc.org/ietf-ipsec/97.ipsec/msg01855.html
a view from the IPsec side of things. incidental, and no obvious
references that I can see, but it does help one to think of the
situations in which a "ten hour collision construction" may or may
not be important when using MD5.
http://www.uni-mainz.de/~pommeren/DSVorlesung/Material/MD5.Dobbertin
words from the author himself.
http://the.wiretapped.net/security/textfiles/crypto-misc/standard-cryptographic-algorithm-naming.html
has links to a PS version of the note from Hans Dobbertin as well
as the note from RSA regarding his attacks. Quoting:
    Given the surprising speed with which techniques on MD4 were
    extended to MD5 we feel that it is only prudent to draw a
    cautious conclusion and to expect that collisions for the entire
    hash function might soon be found.
the link given is to:
ftp://ftp.rsa.com/pub/pdfs/bulletn4.pdf
a condensed note (only 6 pages, reasonably easy reading, lots of
background) that explains the current status of MD2, MD4, MD5 (all
effectively broken, MD5 "least broken" and therefore possibly still
useful for some purposes), and alternatives. note that MD5 was
released into the public domain (most likely because they wanted it
integrated into a standard which would refuse proprietary or
patented solutions), so RSA has no stake in keeping its weaknesses
hidden.
enough web searching for now,
t.