
Re: MD5 considered insecure?




     I'm hoping to see some discussion on the list about how to proceed after
   folks have had the time to read and digest the material Steve has passed
   along.

The paper says "the computation of such a collision takes about 10
hours on a pentium PC", but it doesn't give the starting conditions of
the attack -- is it free to choose the IV and both inputs (in which
case it's not likely to turn into a practical attack), or are any of
those values fixed?

Given that HMAC uses (essentially) secret IVs, it's not clear how
much danger this attack presents to HMAC-MD5, as opposed to systems which hash
only plaintext and then sign the hash.

Anyone have more details?

						- Bill




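An added example, not part of the message above: HMAC-MD5 built by hand from Python's `hashlib`, showing where the key enters so that every message is hashed from a key-dependent starting state, while plain MD5 starts from a fixed public IV. The function names and the second key are assumptions made for illustration; the first key and message are RFC 2202 test case 1.

```python
import hashlib
import hmac

BLOCK = 64  # MD5 block size in bytes


def keyed_states(key: bytes):
    """Return MD5 objects that have absorbed K^ipad and K^opad.

    Each has taken in exactly one 64-byte block, so the chaining value it
    continues from depends on the key. These are the "(essentially) secret
    IVs" from which every message under this key is hashed.
    """
    if len(key) > BLOCK:            # HMAC hashes over-long keys first
        key = hashlib.md5(key).digest()
    key = key.ljust(BLOCK, b"\x00")  # then zero-pads to one block
    inner = hashlib.md5(bytes(b ^ 0x36 for b in key))
    outer = hashlib.md5(bytes(b ^ 0x5C for b in key))
    return inner, outer


def hmac_md5(states, msg: bytes) -> str:
    """HMAC-MD5 computed by resuming from the precomputed keyed states."""
    inner, outer = (s.copy() for s in states)
    inner.update(msg)                # H((K ^ ipad) || msg)
    outer.update(inner.digest())     # H((K ^ opad) || inner digest)
    return outer.hexdigest()


def plain_md5(msg: bytes) -> str:
    """Unkeyed MD5: fixed public IV, so anyone can evaluate it offline."""
    return hashlib.md5(msg).hexdigest()


# Constructed sample inputs: RFC 2202 test case 1, plus a second made-up key.
KEY_A = b"\x0b" * 16
KEY_B = b"\x0c" * 16
MSG = b"Hi There"

if __name__ == "__main__":
    print("plain MD5      :", plain_md5(MSG))
    print("HMAC-MD5 key A :", hmac_md5(keyed_states(KEY_A), MSG))
    print("HMAC-MD5 key B :", hmac_md5(keyed_states(KEY_B), MSG))
    print("matches hmac   :",
          hmac_md5(keyed_states(KEY_A), MSG)
          == hmac.new(KEY_A, MSG, hashlib.md5).hexdigest())
```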

