[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

md5 checksums used in DSA

MD5 is still used to produce file hashes in the DSA mails, for users to verify the integrity against errors and malicious intent. the use of PGP signing further suggests the intent to protect against malicious intent.

MD5 should not be used for this purpose. MD5 collisions can be produced by individuals on meaningful files.


demonstration: produced 10 different, meaningful, PDF documents with the same MD5 hash to "predict" the winner of the 2008 US elections.


demonstration: X.509 certificates from 2 different owners with the same MD5 hash

MD5 should be abandoned immediately in favor of a new hash.

2 possible candidates:

- SHA-1: the present day de-facto standard hash. no collisions have been found or published yet. it is currently broken to the extent that a collision can be produced with complexity 2^69. it is suggested that one can produce collisions in 56 hour per collision, with custom hardware worth USD 38 million.
recommendation is to not use it in new systems if possible.

- SHA-256: newer, bigger, hash function, not yet broken, should provide security for a very long time to come

Reply to: