[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: rsync and md4

To: [email protected]
Subject: Re: rsync and md4
From: Steve Reid <[email protected]>
Date: Sat, 29 Jun 1996 20:10:54 -0700 (PDT)
cc: [email protected]
In-Reply-To: <[email protected]>
Sender: [email protected]

> > MD4 is not strong- people can deliberately produce files with the same
> > hash in a matter of minutes. MD5 is secure for now, but it seems to be
> > gradually falling to cryptanalysis, and should be phased out of use before
> > it breaks. IMO the best hash algorithm is SHA1 (which is an updated
> > version of the original SHA). Do a web search for "FIPS PUB 180-1" for the
> > specs. 
> 
> Do you have references to the md4 collision stuff? The situation I
> have is a bit unusual so its just possible some of the results may
> apply. 

Sorry, I was actually thinking of two-pass Snerfu that can be collided in
a matter of minutes... I'm fairly certain that MD4 is collidable, but I
don't remember where I read that, and I'm not sure how much time it would
take.

I'm quite certain that MD4 will not collide by accident, so it would 
probably be okay for you.


=====================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/)    |
| Email: [email protected]   Home Page: http://www.edmweb.com/steve/ |
| PGP (2048/9F317269) Fingerprint: 11C89D1CD67287E68C09EC52443F8830 |
|          -- Disclaimer: JMHO, YMMV, TANSTAAFL, IANAL. --          |
===================================================================:)

References:
- Re: rsync and md4
  - From: Andrew Tridgell <[email protected]>

Prev by Date: Re: rsync and md4
Next by Date: Re: rsync and md4
Prev by thread: Re: rsync and md4
Next by thread: Re: rsync and md4
Index(es):
- Date
- Thread