John Stiles wrote:
Jens Alfke wrote:
Also, you're aware that MD5 shouldn't be used for anything
security-related anymore? Last I heard it's pretty close to being
fully broken. SHA-1 is a lot more secure, and has a larger output
which itself makes collisions less likely.
"Fully broken"? I don't know about that. Simpler variants—I think it
was MD4?—have some kind of non-threatening attacks, e.g. the keyspace
for finding a packet with the same signature is several powers of 2
less than the full keyspace. But the matching packet will basically be
identical except a handful of bits are flipped. And AFAIK nobody is
even remotely close to finding a technique which would let you write
arbitrary data and then tack on a few bytes to get the signature you
want, and that's what I'd call "fully broken," at least that's what
you'd need to find in order to make an exploit. Nobody has done any of
this for real MD5 yet as far as I know. (In fact, I am not sure that
anyone has found any two packets that generate an identical MD5
signature!)
If you are not CPU bound, SHA-1 is probably better anyway, but don't
feel obligated to use it if it turns out to be a performance concern.
I think it's going to be quite some years before we see a viable
approach for hacking MD5 in such a way that it would create an actual
security concern.
I take it all back; in 2007 there was an MD5 attack discovered which
actually allows for completely different binaries that sign the same.
Check Wikipedia for the details, but basically MD5 is totally broken
now. Wow, times change!!
SHA-1 it is, if security is a concern.
_______________________________________________
Cocoa-dev mailing list (Cocoa-dev@lists.apple.com)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com
This email sent to [EMAIL PROTECTED]
