[15954] in cryptography@c2.net mail archive
RE: MD5 collisions?
daemon@ATHENA.MIT.EDU (Whyte, William)
Wed Aug 18 14:03:35 2004
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
From: "Whyte, William" <WWhyte@ntru.com>
To: Greg Rose <ggr@qualcomm.com>
Cc: Mads Rasmussen <mads@opencs.com.br>, cryptography@metzdowd.com
Date: Wed, 18 Aug 2004 12:04:56 -0400
> There has been criticism about the Wang et. al paper that "it doesn't
> explain how they get the collisions". That isn't right. Note that from the
> incorrect paper to the corrected one, the "delta" values didn't change.
> Basically, if you throw random numbers in as inputs, in pairs with the
> specified deltas, you should eventually be able to create your own MD5
> collisions for fun or profit.
So this is big. This doesn't just break collision resistance, it
breaks second preimage resistance. Is that right?
William
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
