
Moving away from MD5



I think we should start moving away from MD5 as our main hash function.
MD5 has known weaknesses so that an attacker can quite possibly create
two files, differing maybe in a single bit or in quite a few bytes, but
having the same MD5 checksum.  Also, 128 bits are starting to be in the
range that can be attacked by brute force with a "birthday attack", which
requires only about 2^64 operations.  Check out comp.risks, 19.14 for
one possible attack using this scheme.  There may be others.

An attractive alternative would be RIPEMD-160.  SHA-1, another
alternative, has the main problem that its design parameters are secret.
Source code for RIPEMD-160 is available, and the algorithm is in the
public domain.  For more information, you can check out
http://www.esat.kuleuven.ac.be/~bosselae/ripemd160.html
-- 
Thomas Koenig, Thomas.Koenig@ciw.uni-karlsruhe.de, ig25@dkauni2.bitnet.
The joy of engineering is to find a straight line on a double
logarithmic diagram.
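
The birthday bound cited in the message above (about 2^64 operations against a 128-bit digest) can be checked empirically at small scale. The following is an added example, not part of the original message: it truncates MD5 to n bits and counts how many hashes a generic search needs before two distinct inputs collide, which comes out near 2^(n/2). The function names and input strings are constructed for illustration, and the search uses only the generic bound, not any structural weakness of MD5.

```python
import hashlib
from itertools import count


def truncated_md5(data: bytes, bits: int) -> int:
    """Return the top `bits` bits of MD5(data) as an integer."""
    digest = int.from_bytes(hashlib.md5(data).digest(), "big")
    return digest >> (128 - bits)


def birthday_collision(bits: int):
    """Find two distinct inputs whose MD5 digests agree in the top `bits` bits.

    Returns (msg_a, msg_b, attempts). Inputs are constructed counter strings.
    """
    seen = {}  # truncated digest -> first input that produced it
    for attempts in count(1):
        msg = b"constructed-input-%d" % attempts
        tag = truncated_md5(msg, bits)
        if tag in seen:
            return seen[tag], msg, attempts
        seen[tag] = msg


if __name__ == "__main__":
    # Measured cost at small digest sizes versus the 2^(n/2) estimate.
    for bits in (16, 24, 32):
        a, b, attempts = birthday_collision(bits)
        print(f"{bits:3d}-bit digest: collision after {attempts} hashes "
              f"(2^(n/2) = {2 ** (bits // 2)})")
    # The same estimate extrapolated to full-length digests.
    for name, bits in (("MD5", 128), ("RIPEMD-160 / SHA-1", 160)):
        print(f"{name}: about 2^{bits // 2} hashes")
```

Each extra 2 bits of digest length doubles the generic collision cost, which is why a 160-bit digest raises the bound from 2^64 to 2^80.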

