[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: rsync and md4



-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 30 Jun 1996, Mike Duvos wrote:

> Has MD5 been broken again?  Or are you referring to that little
> collision problem which is unlikely to affect the security of the
> typical real life application?

The point isn't whether MD5 can be attacked in a "real life" application, but
that there is a flaw in MD5.  This means that it is weaker than an algorithm
like SHA that has no known cryptanalytical attacks against it.  Besides, a
hashing algorithm with a 128-bit output can be broken as easily as a 64-bit
encryption key.  MD5 shouldn't be used for that reason alone.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
[email protected]              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"Freedom is the freedom to say that two plus two make four.  If that
is granted, all else follows."  --George Orwell, _1984_


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMdblK7Zc+sv5siulAQHlCgP7BHta126r27mc0Xw9UKy4wnXhzu3AbRBM
QauVyh5hHvWKMJ7tXZEyDOtzvGCL3KalHCcXE7cfnybhOS6D+w9K/ZTafY0ASwP+
q6VHT1F3r0b616hL0wfp165X/qTVYKb4urWRU0p+hv9mQ0ET0ZoYpHJz66+7YJ5o
AcobTzBNQyk=
=oyfI
-----END PGP SIGNATURE-----