On Wed, 10 Nov 2004, [UNKNOWN] ¦~Zi dosman [UNKNOWN] qÇ^\qÇ^\ wrote:
Actually MD5 hasn't been broken... yet. A close cousin to MD5 was
broken, not the actual MD5 as we know it. It's still safe to use MD5
for the time being. However I would be on the look out for a
replacement if and when one becomes available. Sure there's SHA1, but
of course a pair of digests to compliment each other is prefered.
The paper was corrected the following day to account for the endianness
error. You can prove this to yourself pretty easily:
echo
d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f8955ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5bd8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70
> 1.asc
echo
d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f8955ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5bd8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70
> 2.asc
xxd -r -p 1.asc > 1.bin
xxd -r -p 2.asc > 2.bin
cmp 1.bin 2.bin
md5sum 1.bin 2.bin
Of course, as someone else already said, nobody has found a way to
generate a collision with a *given* file. Currently these collisions
need to be constructed very carefully. So in practice it's not a major
concern... yet.
Damian Menscher
--
-=#| Physics Grad Student & SysAdmin @ U Illinois Urbana-Champaign |#=-
-=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=-
-=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=-
-=#| <menscher@uiuc.edu> www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=-
-=#| The above opinions are not necessarily those of my employers. |#=-
-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
