[lug] Interesting sum "weakness"
Jeffrey B. Siegal
jbs at quiotix.com
Thu Sep 14 14:21:12 MDT 2000
Tkil wrote:
> >>>>> "Jeffrey" == Jeffrey B Siegal <jbs at quiotix.com> writes:
>
> Jeffrey> Good info, and it definitely makes sense to be cautious about
> Jeffrey> MD5, but nothing here says that anyone can, at present "make
> Jeffrey> it generate a specific output."
>
> uh, that's what "create a collision" means.
Actually it doesn't. To create a collision you need only find *any* two
different strings which produce the same digest. That's (probably) much
easier than producing a second string which produces a specific output
(obtained from a first string).
Moreover, the message you quote says, about MD5:
> Certainly this requires a lot of hard additional work.
> ...
> 5. My conclusions are: no reason for panic, but in future
> implementations better move away from MD5.
Bottom line is that no one can, at present, based on public information,
make MD5 generate a specific output.
More information about the LUG
mailing list