Re: MD5 collisions found - alternative?

To: debian-security@lists.debian.org
Subject: Re: MD5 collisions found - alternative?
From: Michael Stone <mstone@debian.org>
Date: Tue, 24 Aug 2004 08:47:43 -0400
Message-id: <[🔎] 20040824124743.GD5172@mathom.us>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 20040824115157.GA21890@kontryhel.haltyr.dyndns.org>
References: <[🔎] 412B14D7.2080300@deepblue.sk> <[🔎] 20040824113636.GC5172@mathom.us> <[🔎] 20040824115157.GA21890@kontryhel.haltyr.dyndns.org>

On Tue, Aug 24, 2004 at 01:51:57PM +0200, Jan Minar wrote:

Look at the URLs from the OP.


I'd seen them before he posted. It doesn't change what I said. The
possibility of md5 collisions has always been present. What we have now
is a confirmed collision. Ok. There's no indication of how the collision
was generated, so it's not clear that you can generate a collision for
arbitrary data, or that you can generate a "valid" string with a
colliding value, or that you can generate data to match an arbitrary
hash value. So the question remains, what are you using md5 for? This
definately requires some more research, but that should be done in a
deliberate fashion rather than running around chicken-little style
shouting "a collision has been found".

Mike Stone

Reply to:

References:
- MD5 collisions found - alternative?
  - From: Robert Trebula <r0b0@deepblue.sk>
- Re: MD5 collisions found - alternative?
  - From: Michael Stone <mstone@debian.org>
- Re: MD5 collisions found - alternative?
  - From: Jan Minar <jjminar@fastmail.fm>

Prev by Date: Re: MD5 collisions found - alternative?
Next by Date: Re: MD5 collisions found - alternative?
Previous by thread: Re: MD5 collisions found - alternative?
Next by thread: Re: MD5 collisions found - alternative?
Index(es):
- Date
- Thread