NetBSD-Bugs archive


Re: bin/44160: outdated claim of cryptographic strength in md5(1) man page



The following reply was made to PR bin/44160; it has been noted by GNATS.

From: Alistair Crooks <agc%pkgsrc.org@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc: gnats-admin%NetBSD.org@localhost, netbsd-bugs%NetBSD.org@localhost
Subject: Re: bin/44160: outdated claim of cryptographic strength in md5(1) man page
Date: Sat, 27 Nov 2010 05:48:52 +0100

 On Sat, Nov 27, 2010 at 03:45:00AM +0000, Taylor R Campbell wrote:
 >      The md5(1) man page claims of MD5 message digests that
 > 
 >              `It is conjectured that it is computationally
 >              infeasible to produc[e] two messages having the same
 >              message digest, or to produce any message having a
 >              given prespecified target message digest.'
 > 
 >      This has not been true for many years.  In particular, not only
 >      have collisions been found, but they are so easy to find that
 >      they have been used successfully to forge x.509 certificates
 >      from commercial certification authorities; see
 >      <http://www.win.tue.nl/hashclash/rogue-ca/>.
 
 Beware of confusing two different things; the first part of the quoted
 sentence relates to weak collisions, and you are correct that time has
 overtaken the text.  The second part of the sentence relates to
 pre-imaging attacks, and the current (theoretical) pre-imaging
 weakness of md5 (from 2009) is 2^123.4 - http://en.wikipedia.org/wiki/MD5
 
        "In April 2009, a preimage attack against MD5 was published
        that breaks MD5's preimage resistance.  This attack is only
        theoretical, with a computational complexity of 2^123.4 for
        full preimage and 2^116.9 for a pseudo-preimage.[27]"
 
 Regards,
 Alistair
 
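The distinction drawn in the reply above (collision resistance versus preimage resistance) can be made concrete with a small experiment. The following Python script is an added illustration, not part of the PR or of the NetBSD md5(1) sources; it truncates MD5 to a handful of bits so that both searches finish in seconds. The function names, the counter-generated candidate messages and the 18-bit truncation are all constructed for this example. A birthday-style collision search needs roughly 2^(bits/2) hashes, while a brute-force preimage for a fixed target needs roughly 2^bits; the same gap separates the practical MD5 collisions Taylor cites (where an attacker chooses both messages) from the 2^123.4 preimage result, which still sits only a little below the 2^128 generic bound.

```python
import hashlib


def truncated_md5(data: bytes, bits: int) -> int:
    """MD5 of `data` reduced to its first `bits` bits, as an integer.

    Truncation is an assumption made for this example so that the
    searches below are exhaustible; the asymptotics are the same for
    the full 128-bit digest.
    """
    digest = int.from_bytes(hashlib.md5(data).digest(), "big")
    return digest >> (128 - bits)


def find_collision(bits: int, limit: int = 1 << 22):
    """Birthday search: hash distinct messages until two share a digest.

    Expected cost is about 2**(bits / 2) hashes. This is the 'weak
    collision' property the man page text no longer holds for MD5.
    Returns (msg_a, msg_b, trials) or None if `limit` is exhausted.
    """
    seen = {}
    for i in range(limit):
        msg = b"collision-candidate-%d" % i  # constructed, distinct per i
        h = truncated_md5(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg
    return None


def find_preimage(target: int, bits: int, limit: int = 1 << 22):
    """Brute-force preimage: hash distinct messages until one hits `target`.

    Expected cost is about 2**bits hashes, i.e. the square of the
    collision cost. Returns (msg, trials) or None if `limit` is exhausted.
    """
    for i in range(limit):
        msg = b"preimage-candidate-%d" % i  # constructed, distinct per i
        if truncated_md5(msg, bits) == target:
            return msg, i + 1
    return None


def compare_costs(bits: int = 18) -> dict:
    """Run both searches on the same truncated hash and report their cost."""
    msg_a, msg_b, collision_trials = find_collision(bits)
    # The preimage target is the digest of an unrelated, constructed message.
    target = truncated_md5(b"published-digest-of-some-file", bits)
    preimage_msg, preimage_trials = find_preimage(target, bits)
    return {
        "bits": bits,
        "collision": (msg_a, msg_b),
        "collision_trials": collision_trials,
        "preimage": preimage_msg,
        "preimage_trials": preimage_trials,
        "preimage_target": target,
    }


if __name__ == "__main__":
    r = compare_costs()
    print("%d-bit truncated MD5" % r["bits"])
    print("collision after %d hashes: %r / %r"
          % (r["collision_trials"], *r["collision"]))
    print("preimage  after %d hashes: %r"
          % (r["preimage_trials"], r["preimage"]))
```

With 18 bits, the collision search typically ends after a few hundred hashes while the preimage search runs into the hundreds of thousands; doubling `bits` roughly doubles the collision cost but squares the preimage cost, which is why a broken collision property and a merely weakened preimage property have very different consequences for a given use of the digest.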

