NetBSD-Bugs archive
Re: bin/44160: outdated claim of cryptographic strength in md5(1) man page
On Sat, Nov 27, 2010 at 03:45:00AM +0000, Taylor R Campbell wrote:
> The md5(1) man page claims of MD5 message digests that
>
> `It is conjectured that it is computationally
> infeasible to produc[e] two messages having the same
> message digest, or to produce any message having a
> given prespecified target message digest.'
>
> This has not been true for many years. In particular, not only
> have collisions been found, but they are so easy to find that
> they have been used successfully to forge x.509 certificates
> from commercial certification authorities; see
> <http://www.win.tue.nl/hashclash/rogue-ca/>.
Beware of confusing two different things; the first part of the quoted
sentence relates to weak collisions, and you are correct that time has
overtaken the text. The second part of the sentence relates to
pre-imaging attacks, and the current (theoretical) pre-imaging
weakness of md5 (from 2009) is 2^123.4 - http://en.wikipedia.org/wiki/MD5
"In April 2009, a preimage attack against MD5 was published
that breaks MD5's preimage resistance. This attack is only
theoretical, with a computational complexity of 2^123.4 for
full preimage and 2^116.9 for a pseudo-preimage.[27]"
Regards,
Alistair
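To make the collision-versus-preimage distinction discussed in this thread concrete, here is an added toy script (not code from the thread or from NetBSD) that truncates MD5 to a few bits and counts the hash evaluations needed by a birthday collision search versus a brute-force preimage search; BITS, the message families and the target string are constructed for the illustration, and the truncated hash says nothing about the real cryptanalytic attacks on MD5, only that the two notions scale differently.

```python
import hashlib
import itertools
import math

BITS = 20  # constructed toy parameter: keep only the first 20 bits of MD5


def trunc_md5(msg: bytes, bits: int = BITS) -> int:
    """Leading `bits` bits of MD5(msg) as an integer (a toy model of an n-bit hash)."""
    digest = int.from_bytes(hashlib.md5(msg).digest(), "big")
    return digest >> (128 - bits)


def find_collision(bits: int = BITS):
    """Birthday search: two distinct messages with equal truncated digests.

    Returns (msg_a, msg_b, hashes_computed). Expected work is roughly
    sqrt(pi/2 * 2**bits), i.e. on the order of 2**(bits/2)."""
    seen = {}  # truncated digest -> first message that produced it
    for i in itertools.count():
        msg = b"collide-%d" % i        # constructed message family, unique per i
        h = trunc_md5(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg


def find_preimage(target: int, bits: int = BITS):
    """Brute-force preimage search: a message whose truncated digest == target.

    Returns (msg, hashes_computed). Expected work is about 2**bits, since
    each trial succeeds with probability 2**-bits."""
    for i in itertools.count():
        msg = b"preimage-%d" % i       # constructed message family
        if trunc_md5(msg, bits) == target:
            return msg, i + 1


def expected_work(bits: int = BITS):
    """Textbook estimates (collision, preimage) for an ideal `bits`-bit hash."""
    return math.sqrt(math.pi / 2 * 2 ** bits), float(2 ** bits)


if __name__ == "__main__":
    a, b, work_c = find_collision()
    print(f"collision after {work_c} hashes: {a!r} and {b!r}")
    target = trunc_md5(b"constructed target document")
    m, work_p = find_preimage(target)
    print(f"preimage after {work_p} hashes: {m!r}")
    print("expected (collision, preimage):", expected_work())
```

With BITS = 20 the collision typically appears after roughly a thousand hashes while the preimage search needs around a million, which is why a broken collision-resistance claim does not by itself imply a broken preimage-resistance claim.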