On Tue, Aug 24, 2004 at 01:51:57PM +0200, Jan Minar wrote:
Look at the URLs from the OP.
I'd seen them before he posted. It doesn't change what I said. The
possibility of md5 collisions has always been present. What we have now
is a confirmed collision. Ok. There's no indication of how the collision
was generated, so it's not clear that you can generate a collision for
arbitrary data, or that you can generate a "valid" string with a
colliding value, or that you can generate data to match an arbitrary
hash value. So the question remains, what are you using md5 for? This
definately requires some more research, but that should be done in a
deliberate fashion rather than running around chicken-little style
shouting "a collision has been found".
Mike Stone
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
