
Re: MD5 collisions found - alternative?


it is true that collisions have been found in md5 (and a lot of other hash functions of that `family', cfr. the links you mention).

this means that the hash functions should certainly no longer be used in applications relying on the collision-resistance of the hash function, e.g., everything where md5withRsa is used should be replaced (note that md5 was considered deprecated already mid-nineties), but the verification of password hashes, such as used in pam, relies on the hash function's one-way feature rather than on its collision-resistance...

cu, g.

expert in just too late deliveries and applied cryptography
mail: decockd:at:esat:dot:kuleuven:dot:ac:dot:be              http://godot.be
      godot:at:advalvas:dot:be                  http://godot.studentenweb.org
      godot:at:godot:dot:be      web: http://www.esat.kuleuven.ac.be/~decockd

On Tue, 24 Aug 2004, Robert Trebula wrote:


Maybe you have already noticed - collisions have been found in the MD5 hashing algorithm:


My question is: Is there an easy way to make my debian sid installation use something else (better) than md5 for various things? Namely SHA-1 with some longer output in PAM.

PGP fingerprint: FEB3 D653 F918 8B07 83B1 E4BD A3ED B11E 1DD5 ACD7
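
To see which scheme each stored password hash actually uses before changing anything in PAM, here is an inventory sketch added to this page (not part of either message): it classifies shadow(5) password fields by their crypt(5) prefix and reads the hash option on the pam_unix password line. The sample entries are constructed placeholders, and the function names are this example's own.

```python
import re

# Modular-crypt prefixes as documented in crypt(5); "$1$" is the MD5-based scheme.
PREFIXES = {"$1$": "md5crypt", "$2a$": "bcrypt", "$2b$": "bcrypt", "$2y$": "bcrypt",
            "$5$": "sha256crypt", "$6$": "sha512crypt", "$y$": "yescrypt"}
# Hash-selection options pam_unix accepts on its "password" line.
PAM_UNIX_HASH_OPTS = {"md5", "bigcrypt", "sha256", "sha512", "blowfish", "yescrypt"}

# Constructed sample input: salts and hash strings are placeholders, not real hashes.
SAMPLE_SHADOW = """\
root:$6$examplesalt$PLACEHOLDERHASH:19000:0:99999:7:::
alice:$1$examplesalt$PLACEHOLDERHASH:12654:0:99999:7:::
bob:!$1$examplesalt$PLACEHOLDERHASH:12654:0:99999:7:::
daemon:*:12654:0:99999:7:::
legacy:ab0123456789A:12654:0:99999:7:::
"""
SAMPLE_PAM = "password required pam_unix.so nullok obscure min=4 max=8 md5\n"


def classify(field):
    """Name the hashing scheme of one shadow(5) password field."""
    locked = field.startswith("!")   # passwd -l prepends "!" and keeps the hash
    body = field.lstrip("!")
    if body in ("", "*"):
        return "no usable hash" if (locked or body) else "empty password"
    suffix = " (locked)" if locked else ""
    for prefix, name in PREFIXES.items():
        if body.startswith(prefix):
            return name + suffix
    if re.fullmatch(r"[./0-9A-Za-z]{13}", body):   # traditional DES crypt
        return "descrypt" + suffix
    return "unknown"


def shadow_schemes(text):
    """Map user name -> scheme for each entry in shadow(5)-formatted text."""
    fields = (line.split(":") for line in text.splitlines())
    return {f[0]: classify(f[1]) for f in fields if len(f) >= 2 and f[0]}


def pam_unix_hash_option(pam_text):
    """Return the hash option set for pam_unix password changes, or None."""
    for line in pam_text.splitlines():
        tokens = line.split("#", 1)[0].split()
        if tokens[:1] == ["password"] and "pam_unix.so" in tokens:
            chosen = [t for t in tokens if t in PAM_UNIX_HASH_OPTS]
            return chosen[0] if chosen else None
    return None
```

Changing the pam_unix option only affects hashes written at the next password change, so the shadow inventory shows which accounts still carry an older scheme afterwards.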
