(OT) MD5 collisions (was Re: How to edit PDF?)
hometoast
hometoast at gmail.com
Mon Nov 28 12:46:57 UTC 2005
Which is a good reason to use both md5 and sha1. the two together will be
more than sufficient as the chances of both colliding are nil.
IMHO the md5 collisions are not really going to have an impact in every day
use; (offtopic) imagine the case where md5 is not "valid" AND source
includes some sort of payload.
On 11/27/05, Chosechu <chosechu at gmail.com> wrote:
>
>
> Do not use MD5 for cryptographic signatures!
> It has been broken. Have a look at:
>
> http://www.cits.rub.de/MD5Collisions/
>
> for meaningful human-readable documents hashing to the
> same MD5 sum.
>
> Looks like SHA1 is taking the same path as MD5.
> Other hash functions with a longer future could
> be SHA-256, SHA-512.
>
> --
> Chosechu
>
>
> David Teague(T-bird acct) wrote:
> > Tristan Wibberley wrote:
> >
> >> David Teague(T-bird acct) wrote:
> >>
> >>> That is one use for MD5 check sums. It doesn't make the
> >>> file inviolable, but it gives the recipient an almost unbreakable
> >>> check against tampering.
> >>>
> >>
> >> MD5 based signatures probably don't do that anymore. md5 is now pretty
> >> easy to break (a researcher recently released a tool to find md5
> >> collisions) and any file format that enables you to make changes that
> >> are not apparent when rendered is extremely susceptible to such
> attacks.
> >> That includes pdf and postscript. You should certainly be using at
> least
> >> SHA-1 for this now.
> >>
> > Well Dang! Is there a mechanism that is better
> > than MD5 (i.e. that is 'almost' unbreakable) ??
> >
> > A slightly different way might be to encrypt. There is
> > 128 bit encryption .... is it any good for this purpose?
> > The theory says that given sufficient computing power,
> > any encryption can be broken. I would like to find one
> > that nobody but a government (or Microsoft) will have
> > the resources to break it -- at least for a year or two.
> >
> > Warm Regards
> > David
> >
> > -- -- David Teague, cs.wcu.edu/~dbt -- Advocating Free Software and
> > Double Bass tuned in fifths -- Classical Bass www.dennismasuzzo.com;
> > www.silviodallatorre.com; www.joelquarrington.com -- Jazz Upright Bass
> > Red Mitchell, home.teleport.com/~mimuma/; www.larryholloway.com/;
> >
> >
>
> --
> ubuntu-users mailing list
> ubuntu-users at lists.ubuntu.com
> http://lists.ubuntu.com/mailman/listinfo/ubuntu-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20051128/5af3714f/attachment.html>
More information about the ubuntu-users
mailing list