
Re: rsync and md4



At 02:05 AM 7/1/96 -0400, David F. Ogren wrote:
> I stand by my statements. 

When you are deep in a hole, it is time to quit digging.


> The problems that you bring up have to do with situations 
> where an active attacker develops a slightly different 
> pair of documents with the same hash.
>
> Although this is a highly undesirable characteristic for a 
> hash function, [...]

No kidding.

Current state of the art is that MD4 is broken for signing
documents prepared by other people, and MD5 may be broken 
soon, but MD4 is not broken as proof of authorship.

So if everyone was using MD4 for PGP signing, which they are
not, it would still not be a problem for most people.  But
it would be a problem for authors of software, who should
know that a security bug that sinks only *some* people is still
a security bug.  

Therefore no author of software should
employ MD5 or MD4 in new software, but existing users
of software that employs MD5 and MD4 should not panic.

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   [email protected]