[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: rsync and md4



> > MD4 is not strong- people can deliberately produce files with the same
> > hash in a matter of minutes. MD5 is secure for now, but it seems to be
> > gradually falling to cryptanalysis, and should be phased out of use before
> > it breaks. IMO the best hash algorithm is SHA1 (which is an updated
> > version of the original SHA). Do a web search for "FIPS PUB 180-1" for the
> > specs. 
> 
> Do you have references to the md4 collision stuff? The situation I
> have is a bit unusual so its just possible some of the results may
> apply. 

Sorry, I was actually thinking of two-pass Snerfu that can be collided in
a matter of minutes... I'm fairly certain that MD4 is collidable, but I
don't remember where I read that, and I'm not sure how much time it would
take.

I'm quite certain that MD4 will not collide by accident, so it would 
probably be okay for you.


=====================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/)    |
| Email: [email protected]   Home Page: http://www.edmweb.com/steve/ |
| PGP (2048/9F317269) Fingerprint: 11C89D1CD67287E68C09EC52443F8830 |
|          -- Disclaimer: JMHO, YMMV, TANSTAAFL, IANAL. --          |
===================================================================:)