[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: MD5 collisions found - alternative?

On 24 Aug 2004, Robert Trebula wrote:
> Maybe you have already noticed - collisions have been found in MD5 
> hashing algorithm:
> http://eprint.iacr.org/2004/199.pdf
> http://www.freedom-to-tinker.com/archives/000664.html
> http://www.unixwiz.net/techtips/iguide-crypto-hashes.html
> My question is: Is there an easy way to make my debian sid installation
> use something else (better) than md5 for various things? Namely SHA-1 
> with some longer output in PAM.

The SHA family have also been found to be weaker than expected also, so
it looks like both common crypto hash sets are on somewhat shaky ground
at the moment.

The best current answer is probably to wait a month or two as the dust
settles and the crypto community, especially through the IETF, move
forward with recommendations about where we go from here.

Jumping half-prepared to some other hash opens the door to a second
costly migration if your hash of choice turns out to be the wrong one. ;)

Also, while there are issues with those hash algorithms, I don't think
they are quite bad enough that there is a significant *immediate* risk
to my systems; the cost of breaking in through the detected collisions
is lower than the risk of a bad password, etc.


In protocol design, perfection has been reached not when there is nothing left
to add, but when there is nothing left to take away.
        -- RFC 1925

Reply to: