Re: bin/44160: outdated claim of cryptographic strength in md5(1) man page
I think that statement is accurate so far as it goes. But I do not think it
should be used.

The trouble is that it could be read to imply that MD5 is still considered an
adequate secure hash, and I believe that is not the case. The attacks found
against MD5 are more than sufficient to disqualify it from consideration except
in cases where it is required for backward compatibility.

If there were no alternatives, it would be worth doing the detailed analysis to
see just exactly what subset of hash function applications have not yet been
broken for MD5, but there are better alternatives, so the simple and prudent
approach is to drop MD5 outright and not use it for anything.

So I think a better statement would be: "MD5 no longer meets some of the
primary requirements of a secure hash function. While in principle there still
are some applications where it could be used, a prudent approach to security
implies that MD5 should be viewed as obsolete and should not be used for new
> From: Julian Fagir <gnrp%komkon2.de@localhost>
> To: gnats%netbsd.org@localhost
> Subject: Re: bin/44160: outdated claim of cryptographic strength in md5(1) man
> Date: Sun, 24 Jun 2012 01:03:02 +0200
>
> What about the following sentence?
>
> While several messages with the same message digests have been found, it is
> still considered unfeasible to generate a message with a prespecified message
>
> Regards, Julian
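The distinction the thread turns on (collisions for MD5 are public, preimages are not) can be checked directly. The following is an added example, not part of this mail or of the NetBSD md5(1) source: it uses Python's hashlib to verify the publicly published Wang et al. (2004) MD5 colliding block pair, to show that SHA-256 separates the same two inputs, and to show why "several messages" is an understatement: because MD5 is a Merkle-Damgard construction, the two colliding blocks leave the compression function in the same internal state, so any common suffix appended to both yields a fresh collision. The function names and the published-digest constant are this example's own.

```python
import hashlib

# Publicly published MD5 colliding pair (Wang et al., 2004). The two 128-byte
# messages differ in exactly six bytes, each by the single bit 0x80.
M1 = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70"
)
M2 = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70"
)

# The MD5 digest reported in the literature for both messages.
PUBLISHED_MD5 = "79054025255fb1a26e4bc422aef54eb4"


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def differing_offsets(a: bytes, b: bytes) -> list:
    """Byte offsets at which two equal-length messages differ."""
    assert len(a) == len(b)
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


def md5_collides(a: bytes, b: bytes) -> bool:
    """True when two distinct inputs share an MD5 digest."""
    return a != b and md5_hex(a) == md5_hex(b)


def sha256_collides(a: bytes, b: bytes) -> bool:
    """Same check for the replacement hash; expected False for this pair."""
    return a != b and sha256_hex(a) == sha256_hex(b)


def matches_published_digest() -> bool:
    return md5_hex(M1) == PUBLISHED_MD5 and md5_hex(M2) == PUBLISHED_MD5


def extended_pair_collides(suffix: bytes) -> bool:
    """A colliding block pair stays colliding under any common suffix, because
    MD5 chains the compression function on 64-byte blocks and the internal
    state after M1 and M2 is identical. This is why one published pair is
    effectively an unbounded family of collisions."""
    return md5_collides(M1 + suffix, M2 + suffix)


if __name__ == "__main__":
    print("bytes differing :", differing_offsets(M1, M2))
    print("MD5 collides    :", md5_collides(M1, M2), md5_hex(M1))
    print("SHA-256 collides:", sha256_collides(M1, M2))
    # Constructed suffix for the extension check (example data, not from the page).
    print("suffix collides :", extended_pair_collides(b"; any trailing content"))
```

The extension check is the practical caveat behind the reply's "drop MD5 outright": an MD5 digest over a file, package or certificate body cannot distinguish two artefacts that share a colliding prefix, whatever follows it, so "unfeasible to generate a message with a prespecified digest" is no reassurance for any use where the party supplying the input may have chosen it.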