[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian audititing tool?

On Tue, Dec 26, 2000 at 10:52:47PM +0100, Christian Kurz wrote:
> On 00-12-26 Peter Cordes wrote:
> > have produced collisions in MD5.  This is a Bad Thing for MD5, but it isn't
> > a real break against MD5.  It means that you can find two messages that hash
> > to the same value.  To do so, you _have_ to choose both messages yourself.
> > If one of the messages is /bin/su, you are almost certainly out of luck.
> > Nobody has figured out how to make another message that collides with a
> > given message.  It only works if they create _both_ messages.
> Cool, would you then please explain why Bruce Schneier writes about MD5:
> "I am wary of using MD5" in his book "Applied Cryptograhy" and the end
> of the section about MD5?
> Ciao
>      Christian

For some applications the collision-resistance property is critical. Simply
computing and storing one-way hashes IS NOT an application which depends on     this property.

> --  
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org


Reply to: