[16510] in cryptography@c2.net mail archive
MD5 To Be Considered Harmful Someday
daemon@ATHENA.MIT.EDU (James A. Donald)
Tue Dec 7 22:15:32 2004
X-Original-To: cryptography@metzdowd.com
From: "James A. Donald" <jamesd@echeque.com>
To: cryptography@metzdowd.com
Date: Tue, 07 Dec 2004 15:57:38 -0800
In-reply-to: <41B4F5F9.1020505@doxpara.com>
--
On 6 Dec 2004 at 16:14, Dan Kaminsky wrote:
> * Many popular P2P networks (and innumerable distributed
> content databases) use MD5 hashes as both a reliable search
> handle and a mechanism to ensure file integrity. This makes
> them blind to any signature embedded within MD5 collisions.
> We can use this blindness to track MP3 audio data as it
> propagates from a custom P2P node.
This seems pretty harmful right now, no need to wait for
someday.
But even back when I implemented Crypto Kong, the orthodoxy was
that one should use SHA1, even though it is slower than MD5, so
it seems to me that MD5 was considered harmful back in 1997,
though I did not know why at the time, and perhaps no one knew
why.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
bEcutcm49V2l4gs02N+hlx0RuvlNCxolYqbHGLNY
4kL6H698sHcon3pASMijUxPq4KE3Se5Mp7xNpDH7r
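An added example, not part of the original message or of any P2P client's code: the blindness described in the quoted text arises when an index trusts one weak digest as both lookup key and integrity check. The sketch records a SHA-256 beside each handle and flags distinct payloads that arrive under the same handle; `ContentIndex`, `weak_handle` and the sample blobs are constructed here, and a 16-bit truncation of MD5 stands in for a real colliding MD5 pair so the code runs offline.

```python
import hashlib
from collections import defaultdict

def md5_handle(data: bytes) -> str:
    """Full MD5 hex digest, as a hash-keyed index would use it."""
    return hashlib.md5(data).hexdigest()

def weak_handle(data: bytes) -> str:
    """Constructed stand-in: 16 bits of MD5, so a collision is cheap to find."""
    return hashlib.md5(data).hexdigest()[:4]

class ContentIndex:
    """Hypothetical index keyed by a handle, with SHA-256 kept as a second check."""

    def __init__(self, handle=md5_handle):
        self.handle = handle
        self.seen = defaultdict(set)  # handle -> SHA-256 digests seen under it

    def add(self, data: bytes):
        """Register a payload; return (handle, collided)."""
        h = self.handle(data)
        strong = hashlib.sha256(data).hexdigest()
        # Collision: the handle is already known, but for different content.
        collided = bool(self.seen[h]) and strong not in self.seen[h]
        self.seen[h].add(strong)
        return h, collided

    def variants(self, h: str):
        """All distinct payload digests that share one handle."""
        return sorted(self.seen.get(h, ()))

def find_constructed_collision(handle, prefix=b"constructed-sample-"):
    """Birthday search for two distinct constructed blobs with the same handle."""
    first = {}
    i = 0
    while True:
        blob = prefix + str(i).encode()
        h = handle(blob)
        if h in first:
            return first[h], blob
        first[h] = blob
        i += 1

if __name__ == "__main__":
    a, b = find_constructed_collision(weak_handle)
    index = ContentIndex(weak_handle)
    print(index.add(a))   # first payload: handle is new, no collision
    print(index.add(b))   # same handle, different SHA-256: flagged
    print(index.variants(weak_handle(a)))
```

An index that stores only the handle would treat `a` and `b` as the same file; the second digest is what makes the difference visible.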