[16512] in cryptography@c2.net mail archive


Re: MD5 To Be Considered Harmful Someday

daemon@ATHENA.MIT.EDU (Eric Rescorla)
Wed Dec 8 10:13:00 2004

X-Original-To: cryptography@metzdowd.com
To: "James A. Donald" <jamesd@echeque.com>
Cc: cryptography@metzdowd.com
Reply-To: EKR <ekr@rtfm.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Tue, 07 Dec 2004 21:01:40 -0800
In-Reply-To: <41B5D2F2.6206.19C061D@localhost> (James A. Donald's message of
 "Tue, 07 Dec 2004 15:57:38 -0800")

"James A. Donald" <jamesd@echeque.com> writes:

>     --
> On 6 Dec 2004 at 16:14, Dan Kaminsky wrote:
>> * Many popular P2P networks (and innumerable distributed 
>> content databases) use MD5 hashes as both a reliable search 
>> handle and a mechanism to ensure file integrity.  This makes 
>> them blind to any signature embedded within MD5 collisions. 
>> We can use this blindness to track MP3 audio data as it 
>> propagates from a custom P2P node.
>
> This seems pretty harmful right now, no need to wait for 
> someday.
>
> But even back when I implemented Crypto Kong, the orthodoxy was 
> that one should use SHA1, even though it is slower than MD5, so 
> it seems to me that MD5 was considered harmful back in 1997, 
> though I did not know why at the time, and perhaps no one knew 
> why.

Dobbertin's collision in the MD5 compression function was published
in May of 1996.

-Ekr

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
