Re: Debian audititing tool?
On 00-12-26 Peter Cordes wrote:
> have produced collisions in MD5. This is a Bad Thing for MD5, but it isn't
> a real break against MD5. It means that you can find two messages that hash
> to the same value. To do so, you _have_ to choose both messages yourself.
> If one of the messages is /bin/su, you are almost certainly out of luck.
> Nobody has figured out how to make another message that collides with a
> given message. It only works if they create _both_ messages.
Cool, would you then please explain why Bruce Schneier writes about MD5:
"I am wary of using MD5" in his book "Applied Cryptograhy" and the end
of the section about MD5?