[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: rsync and md4




"David F. Ogren" writes:
> > I'm afraid you are totally wrong here. MD4 has been completely
> > broken. I wouldn't trust it for anything. In fact, MD5 is no longer
> > trustworthy, either -- it was broken recently. Stick to SHA.
> > 
> 
> Unless you are aware of some attack that I'm not, this is the most current 
> information on MD4 and MD5:
> 
> MD4 has had successful attacks on limited rounds.  It has _not_ been 
> completely cracked.

Could you please quit spewing inaccurate information?

Dobbertin completely cracked MD4 already, and found MD5 collisions in
a document circulated on May 2nd that mean it isn't far behind.

The comments you are making are dangerous because they encourage
people who don't know better to think that hashes which are known
unsafe are safe. Please quit posting until you start monitoring the
field enough to have accurate sources of information.

[...]
Forward from sci.crypt on 11 Jun 1996 14:22:03 GMT
  <[email protected]> wrote (Re: "MD5 discussion"):

>In view of the continuing discussion about MD5, I want to make a few
>comments, which hopefully can help to avoid some misunderstandings
>and misinterpretations:

>1. In February 1996 my paper "Cryptanalysis of MD4" appeared (Fast
>Software Encryption, Cambridge Proceedings, Lecture Notes in Computer
>Sciences, vol. 1039, Springer-Verlag, 1996, pp. 71-82). In this
>paper, as an example two versions of a contract are given with the
>same MD4 hash value. Alf sells his house to Ann, in the first version
>the price is $176,495 and in the second it is $276,495. The contracts
>have been prepared by Alf. Now if Ann signs the first version with
>$176,495 then Alf can altered to price to $276.495 ...  In principle
>this risk occurs, if you use a hash function for which (senseful)
>collisions can be found, whenever you allow another person to have
>influence on the contents of a document you are signing.
[...]