Re: MD5 weakness ? [was Re: Netscape Logic Bomb detailed by IETF]
Dr. Frederick B. Cohen writes:
# MD5 [...] which the members of this list seem to place unlimited trust in 
# (incorrectly in my view, 

Laurent Demailly writes:
> Can you elaborate with facts on the supposed weakness of MD5?

Remember the can-you-trust-PGP flamewar we had a few months ago?

I believe Dr. Cohen's point is that no-one knows, AFAIK, how to prove that a
one-way hash is truly one-way (uninvertible). We cannot prove that MD5 is
secure, ergo we cannot (completely) trust it. [Please correct if this is a
substantially incorrect inference.]

One of the standard responses is "it's the best we can do". When people said
this about PGP, FBC made some (IMHO) interesting comments about the
encryption he uses in various circumstances. Perhaps he would like to share
his personal choices of one-way hash functions with us.

-Futplex <[email protected]>