[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Gnu-arch-users] Re: MD5 is broken
From: |
Jan Hudec |
Subject: |
Re: [Gnu-arch-users] Re: MD5 is broken |
Date: |
Wed, 16 Mar 2005 10:48:37 +0100 |
User-agent: |
Mutt/1.5.6i |
On Wed, Mar 16, 2005 at 10:02:35AM +0100, Karel Gardas wrote:
> On Wed, 16 Mar 2005, Andrew Suffield wrote:
>
> > On Wed, Mar 16, 2005 at 12:26:30PM +0600, Ivan Boldyrev wrote:
> > > > If someone finds a second pre-image attack against md5, then arch
> > > > will be in trouble (but so will just about anything else).
> > >
> > > MD5 is considered insecure for many years. Arch is already in trouble
> > > because Arch developers do not understand security.
> > >
> > > I am not security expert too, but designing security attack against
> > > Arch took less time than writing this message.
> >
> > This is pure nonsense. Go away and read /Beyond Fear/, and maybe
> > /Secrets & Lies/ as well. And CRYPTO-GRAM too, while you're at
> > it. I've seen journalists with better comprehension of security.
>
> I don't fully agree with Ivan's notes, but this does not change anything
> about the danger of using MD5, or does it? Please also read:
> http://cryptography.hyperlink.cz/2004/otherformats.html
Note however, that this article says that "in bzip2 and gzip formats,
the differing bits from colliding blocks won't be extracted into files,
so install script (Makefile, configure, etc.) would have to read the
original tar.bz2 or tar.gz." GNU Arch does not do this. But even then
MD5 is too close to trouble. I think that the practical attack is not
doable just yet (because so far it requires custom code to read the
coliding block), but it's highest time to change the hash functions.
--------------------------------------------------------------------------------
- Jan Hudec `Bulb'
<address@hidden>
- [Gnu-arch-users] MD5 is broken, Ivan Boldyrev, 2005/03/15
- Re: [Gnu-arch-users] MD5 is broken, Matthew Dempsky, 2005/03/16
- [Gnu-arch-users] Re: MD5 is broken, Ivan Boldyrev, 2005/03/16
- Re: [Gnu-arch-users] Re: MD5 is broken, Andrew Suffield, 2005/03/16
- Re: [Gnu-arch-users] Re: MD5 is broken, Karel Gardas, 2005/03/16
- Re: [Gnu-arch-users] Re: MD5 is broken,
Jan Hudec <=
- Re: [Gnu-arch-users] Re: MD5 is broken, Tom Lord, 2005/03/16
- Re: [Gnu-arch-users] Re: MD5 is broken, Karel Gardas, 2005/03/16
- Re: [Gnu-arch-users] Re: MD5 is broken, Tom Lord, 2005/03/16
- Re: [Gnu-arch-users] Re: MD5 is broken, Matthew Dempsky, 2005/03/16
- Re: [Gnu-arch-users] Re: MD5 is broken, Andrew Suffield, 2005/03/16
- Re: [Gnu-arch-users] Re: MD5 is broken, Karel Gardas, 2005/03/16
- Re: [Gnu-arch-users] Re: MD5 is broken, Peter Conrad, 2005/03/16
- Re: [Gnu-arch-users] Re: MD5 is broken, Karel Gardas, 2005/03/16
- Re: [Gnu-arch-users] Re: MD5 is broken, Peter Conrad, 2005/03/16
- Re: [Gnu-arch-users] Re: MD5 is broken, Karel Gardas, 2005/03/16