NetBSD-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: bin/44160: outdated claim of cryptographic strength in md5(1) man page

On Sat, Nov 27, 2010 at 03:45:00AM +0000, Taylor R Campbell wrote:
>       The md5(1) man page claims of MD5 message digests that
>               `It is conjectured that it is computationally
>               infeasible to produc[e] two messages having the same
>               message digest, or to produce any message having a
>               given prespecified target message digest.'
>       This has not been true for many years.  In particular, not only
>       have collisions been found, but they are so easy to find that
>       they have been used successfully to forge x.509 certificates
>       from commercial certification authorities; see
>       <>.

Beware of confusing two different things; the first part of the quoted
sentence relates to weak collisions, and you are correct that time has
overtaken the text.  The second part of the sentence relates to
pre-imaging attacks, and the current (theoretical) pre-imaging
weakness of md5 (from 2009) is 2^123.4 -

        "In April 2009, a preimage attack against MD5 was published
        that breaks MD5's preimage resistance.  This attack is only
        theoretical, with a computational complexity of 2123.4 for
        full preimage and 2116.9 for a pseudo-preimage.[27]"


Home | Main Index | Thread Index | Old Index