On Sunday, 19 January 2014 at 15:09:46 UTC, Kagamin wrote:
Isn't it you, who insist on ignorance to how a collision attack works and how it doesn't work? You insist on a magical approach to cryptography, that MD5 magic doesn't work and SHA3 magic works, but you should know that magic is a delusion, and delusion leads to failures and damage, so by spreading delusions, it's you who cause damage, not me.

Excuse me? Straw man arguments don't work here. Take that crap elsewhere. You keep asserting I say things that I don't say like crap like "You assume that Moores law doesn't work". Get out of here with that.

The fact that MD5 is weak against a collision attack means that it strictly provides weaker guarantees than the stronger SHA1, SHA2, and SHA3. No magic is necessary to know that with cryptography, attackers look for the weakest point in a chain to attack. Intentionally using something that provides weaker guarantees is foolish. And indeed a collision attack can cause problems, depending on what you want to do. I can't predict (nor can you) where someone will use a hash function expecting it to be secure, so the right thing to do is just suggest people use the stronger hash functions.

Furthermore, when talking about anything related to cryptography, we discuss things in terms of how much of a safety buffer we get. You're right that nothing is "perfectly safe" but when our estimations of safety suggest it should remain safe for at least 20 years, then we're fine with it. That's why we don't use MD5. Because it has known flaws AND because it no longer has the "shield" of collision resistance. For a hash function, if it is "collision resistant" that strictly means that no preimage attack exists either. You'd have to break through two walls to break the hash function. With MD5, there is no such safety buffer. It's one discovery away from being destroyed. Ergo, don't use it because it can turn from "no preimage attacks exist" to "here's the preimage attack" overnight.

Preempting your counterargument: Indeed such a thing can happen with SHA2, but the likelihood of such a thing is essentially nonexistent. If we haven't even discovered a single collision ever, we don't find the likelihood of generating collisions at will likely nor do we find the likelihood of generating a specific collision likely either.

Finally, I have never suggested anyone work off of "this stuff is magic so be ignorant of it while working with it". Quite the opposite. You should be well educated with this stuff prior to working with it or else you risk exposing confidential information which can be quite damaging. Part of this is _don't deliberately ignore the recommendations of cryptography experts_. What you suggest people do, "despite being a non-expert, I suggest you do use MD5 because those experts clearly don't know what they're talking about" is dangerous. And stop with the straw man attacks because I'm sick of it. Actually, I'm sick of all of your crap. You can have the last word and if it's "ignore the cryptography experts because I'm smarter than them", then so be it. You might want to also let your employer know as well so they can give you a raise *wink*.
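The "two walls" argument in the post above can be measured on a toy hash; this is an added example, not part of the original message. It assumes a hypothetical `toy_hash` (SHA-256 truncated to 20 bits) and constructed messages, and compares the generic cost of finding any collision with the cost of finding a second preimage for one fixed message.

```python
import hashlib
from itertools import count

BITS = 20  # toy digest size (assumption) so both generic searches finish quickly


def toy_hash(msg: bytes) -> int:
    """SHA-256 truncated to BITS bits: a deliberately tiny stand-in hash."""
    return int.from_bytes(hashlib.sha256(msg).digest()[:4], "big") >> (32 - BITS)


def find_collision():
    """Birthday search: ANY two distinct messages with equal digests."""
    seen = {}
    for i in count():
        msg = b"c-%d" % i  # constructed inputs
        digest = toy_hash(msg)
        if digest in seen:
            return seen[digest], msg, i + 1
        seen[digest] = msg


def find_second_preimage(fixed: bytes):
    """Search for a different message matching the digest of one FIXED message."""
    target = toy_hash(fixed)
    for i in count():
        msg = b"p-%d" % i  # constructed inputs
        if msg != fixed and toy_hash(msg) == target:
            return msg, i + 1


def demo():
    a, b, collision_tries = find_collision()
    fixed = b"constructed sample message"
    other, preimage_tries = find_second_preimage(fixed)
    return {
        "collision": (a, b),
        "collision_tries": collision_tries,    # about 2**(BITS/2) expected
        "second_preimage": (fixed, other),     # this pair is also a collision
        "preimage_tries": preimage_tries,      # about 2**BITS expected
    }


if __name__ == "__main__":
    result = demo()
    print("collision after", result["collision_tries"], "hashes")
    print("second preimage after", result["preimage_tries"], "hashes")
```

The second-preimage pair is itself a collision, which is why a hash whose collision resistance still holds cannot have a practical second-preimage attack, while the reverse does not follow.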
