[37639] in bugtraq
Re: MD5 To Be Considered Harmful Someday
daemon@ATHENA.MIT.EDU (Joel Maslak)
Wed Dec 8 14:38:23 2004
Date: Tue, 7 Dec 2004 18:46:20 -0700 (MST)
From: Joel Maslak <jmaslak@antelope.net>
To: Dan Kaminsky <dan@doxpara.com>
Cc: bugtraq@securityfocus.com
In-Reply-To: <41B4EB5E.6070106@doxpara.com>
Message-ID: <Pine.LNX.4.56.0412071842540.4478@redsky.antelope.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
On Mon, 6 Dec 2004, Dan Kaminsky wrote:
> I've been doing some analysis on MD5 collision announced by Wang et al.
> Short version: Yes, Virginia, there is no such thing as a safe hash
> collision -- at least in a function that's specified to be
> cryptographically secure. The full details may be acquired at the
> following link:
The short-term fix seems to be something I've been recommending for a
while:
Compute hashes with both SHA-1 and MD5.
The chance of one algorithm becoming compromised in the mid-term is
relatively high IMHO (I was responsible for a PKI system which had to keep
integrity for 20 year periods of time - not an easy task considering what
we don't know about the future). The chance of two becoming compromised
is relatively less. The chance of a problem with MD5 and SHA-1 allowing
two different files to have collisions in both algorithms in *BOTH* is
very very small.
--
Joel
