Subject: Re: Verifying a kernel.
To: Steven M. Bellovin <smb@cs.columbia.edu>
From: Tonnerre <tonnerre@thundrix.ch>
List: tech-kern
Date: 07/20/2005 21:20:49
--envbJBWh7q8WU6mo
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Salut,
On Wed, Jul 20, 2005 at 10:04:56AM -0400, Steven M. Bellovin wrote:
> For security purposes, it's more dubious. But a lot depends on your=20
> threat model. As I noted the last time you raised the issue of MD5,=20
> the problem we're dealing with today is a collision attack, not a=20
> preimage attack.
Just to make that clear: MD5 has some more problems than just the blindness.
I raised the issue last time because MD5 has some other issues like
a certain symmetry that had been documented earlier.
Just don't rely on it anywhere.
Tonnerre
--envbJBWh7q8WU6mo
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (NetBSD)
iD8DBQFC3qQRXUVlAbfmNMIRAj3pAJ9uLXDTRAYXLPbkm/fyvGG+GLV1DACghLuV
i/IAv1D01ogiqIkeh6lo1UA=
=ASDN
-----END PGP SIGNATURE-----
--envbJBWh7q8WU6mo--