Re: Debian audititing tool?

To: debian-security@lists.debian.org
Cc: Christian Kurz <shorty@debian.org>
Subject: Re: Debian audititing tool?
From: Daniel Ginsburg <dg@warpsolutions.com>
Date: Wed, 27 Dec 2000 01:20:01 +0300
Message-id: <[🔎] 20001227012001.A2852@cloud.warpsolutions.ru>
Mail-followup-to: dg, debian-security@lists.debian.org, Christian Kurz <shorty@debian.org>
In-reply-to: <[🔎] 20001226225247.B27811@bofh.de>; from shorty@debian.org on Tue, Dec 26, 2000 at 10:52:47PM +0100
References: <[🔎] 20001221211506.A14827@ignuthuam> <[🔎] 20001221133919.G27036@bofh.de> <[🔎] 87vgs71bzq.fsf@winter.inter-i.uni-mainz.de> <[🔎] 20001226160230.A26452@bofh.de> <[🔎] 87bstz188r.fsf@winter.inter-i.uni-mainz.de> <[🔎] 20001226173754.B27089@bofh.de> <[🔎] 20001226173423.A14515@llama.nslug.ns.ca> <[🔎] 20001226225247.B27811@bofh.de>

On Tue, Dec 26, 2000 at 10:52:47PM +0100, Christian Kurz wrote:
> On 00-12-26 Peter Cordes wrote:
> > have produced collisions in MD5.  This is a Bad Thing for MD5, but it isn't
> > a real break against MD5.  It means that you can find two messages that hash
> > to the same value.  To do so, you _have_ to choose both messages yourself.
> > If one of the messages is /bin/su, you are almost certainly out of luck.
> > Nobody has figured out how to make another message that collides with a
> > given message.  It only works if they create _both_ messages.
> 
> Cool, would you then please explain why Bruce Schneier writes about MD5:
> "I am wary of using MD5" in his book "Applied Cryptograhy" and the end
> of the section about MD5?
> 
> Ciao
>      Christian
> 

For some applications the collision-resistance property is critical. Simply
computing and storing one-way hashes IS NOT an application which depends on     this property.

> 
> --  
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> 

-- 
dg

Reply to:

References:
- Debian audititing tool?
  - From: Peter Eckersley <pde@cs.mu.oz.au>
- Re: Debian audititing tool?
  - From: Christian Kurz <shorty@debian.org>
- Re: Debian audititing tool?
  - From: Rainer Weikusat <weikusat@mail.uni-mainz.de>
- Re: Debian audititing tool?
  - From: Christian Kurz <shorty@debian.org>
- Re: Debian audititing tool?
  - From: Rainer Weikusat <weikusat@mail.uni-mainz.de>
- Re: Debian audititing tool?
  - From: Christian Kurz <shorty@getuid.de>
- Re: Debian audititing tool?
  - From: Peter Cordes <peter@llama.nslug.ns.ca>
- Re: Debian audititing tool?
  - From: Christian Kurz <shorty@debian.org>

Prev by Date: Re: Debian audititing tool?
Next by Date: Re: Debian audititing tool?
Previous by thread: Re: Debian audititing tool?
Next by thread: Re: Debian audititing tool?
Index(es):
- Date
- Thread