NetBSD-Bugs archive


Re: bin/44160: outdated claim of cryptographic strength in md5(1) man page
On Sat, Nov 27, 2010 at 03:45:00AM +0000, Taylor R Campbell wrote:
>       The md5(1) man page claims of MD5 message digests that
> 
>               `It is conjectured that it is computationally
>               infeasible to produc[e] two messages having the same
>               message digest, or to produce any message having a
>               given prespecified target message digest.'
> 
>       This has not been true for many years.  In particular, not only
>       have collisions been found, but they are so easy to find that
>       they have been used successfully to forge x.509 certificates
>       from commercial certification authorities; see
>       <http://www.win.tue.nl/hashclash/rogue-ca/>.

Beware of confusing two different things; the first part of the quoted
sentence relates to weak collisions, and you are correct that time has
overtaken the text.  The second part of the sentence relates to
pre-imaging attacks, and the current (theoretical) pre-imaging
weakness of md5 (from 2009) is 2^123.4 - http://en.wikipedia.org/wiki/MD5

        "In April 2009, a preimage attack against MD5 was published
        that breaks MD5's preimage resistance.  This attack is only
        theoretical, with a computational complexity of 2^123.4 for
        full preimage and 2^116.9 for a pseudo-preimage.[27]"

Regards,
Alistair
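To make the collision-versus-preimage distinction drawn in this thread concrete, here is an added example (not part of the original report or reply) that brute-forces both against MD5 truncated to a small number of bits, so the roughly 2^(n/2) versus 2^n gap in work factor is visible in seconds. The bit width, message prefixes and target string are arbitrary choices for the demonstration.

```python
import hashlib
from itertools import count


def truncated_md5(msg: bytes, bits: int) -> int:
    """Leading `bits` bits of the MD5 digest of msg, as an integer.

    Truncation is only to make the brute-force searches below finish
    quickly; full 128-bit MD5 is not searched this way."""
    digest = int.from_bytes(hashlib.md5(msg).digest(), "big")
    return digest >> (128 - bits)


def find_collision(bits: int, prefix: bytes = b"msg-") -> tuple[bytes, bytes, int]:
    """Birthday search: two distinct messages with equal truncated digests.

    Returns (m1, m2, evaluations). Expected work is about 2**(bits/2)
    hash evaluations, because any pair among the messages seen so far
    may collide."""
    seen: dict[int, bytes] = {}
    for i in count():
        m = prefix + str(i).encode()  # constructed, deterministic inputs
        h = truncated_md5(m, bits)
        if h in seen:
            return seen[h], m, i + 1
        seen[h] = m


def find_preimage(target: int, bits: int, prefix: bytes = b"pre-") -> tuple[bytes, int]:
    """Brute-force preimage: a message whose truncated digest equals target.

    Returns (m, evaluations). Expected work is about 2**bits hash
    evaluations, because each guess has to hit one fixed value."""
    for i in count():
        m = prefix + str(i).encode()  # constructed, deterministic inputs
        if truncated_md5(m, bits) == target:
            return m, i + 1


if __name__ == "__main__":
    BITS = 18
    a, b, n_coll = find_collision(BITS)
    target = truncated_md5(b"a fixed target", BITS)
    p, n_pre = find_preimage(target, BITS)
    print(f"{BITS}-bit collision after {n_coll} hashes: {a!r} {b!r}")
    print(f"{BITS}-bit preimage  after {n_pre} hashes: {p!r}")
```

The collision count lands near 2^9 while the preimage count lands near 2^18; the same asymmetry is why the man page's two claims fell at very different times.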