[73624] in North American Network Operators' Group
Re: Senator Diane Feinstein Wants to know about the Benefits
daemon@ATHENA.MIT.EDU (Mike Tancsa)
Mon Aug 30 16:58:59 2004
Date: Mon, 30 Aug 2004 16:39:56 -0400
To: Dan Hollis <goemon@anime.net>
From: Mike Tancsa <mike@sentex.net>
Cc: <nanog@merit.edu>
In-Reply-To: <Pine.LNX.4.44.0408301310220.22285-100000@sasami.anime.net>
Errors-To: owner-nanog-outgoing@merit.edu
At 04:12 PM 30/08/2004, Dan Hollis wrote:
>yep md5 made the news recently because it's been cracked:
>
>http://techrepublic.com.com/5100-22-5314533.html
>http://www.rtfm.com/movabletype/archives/2004_08.html#001055
Thats a misleading over simplification. A collision being found implies
something different than "its cracked." A weakness that was theorized
sometime ago has been demonstrated in practice. Finding collisions and
altering files in a useful way to produce a duplicate hash are different
things. There are FAR bigger security concerns than this one right now IMHO.
I recall even seeing posts about people claiming this meant original data
being reconstructed from the checksum! That would be truly amazing since I
could reconstruct a 680MB ISO from just 61d38fad42b4037970338636b5e72e5a. Wow!
---Mike
---Mike
