Orr Dunkelman wrote:

I'm sad to announce that MD5 is no longer considered secure.

Recent research found how to produce collisions in MD5 (from md5sum) in
a small amount of time (1 hour + 5 minutes).


I read that to say "attacker can find two messages, A and B, that have the same hash". Now, the questions:
1. Do A and B have to follow some mathematical rule? I.e. - is it possible to say "This particular A cannot be the result of this attack"?
2. Does the attack still apply if one of them is chosen in advance? I.e. - is it possible for you to compute an identical hash to one that matches a message I already wrote?


If you try to recall the old days when you were a mere BA student and learned Crypto, one of the homework exercises of the course was along the following lines:
1. Read the specs for SHA1
2. Show that any two messages that have the following structure have the same SHA1 hash.
(You gotta love studying with Eli Biham :-)


That attack, in and of itself, was not sufficient to say that SHA1 is broken, because the chances that your original message follows that format are not high. Is this attack of a different nature?

            Shachar

--
Shachar Shemesh
Lingnu Open Source Consulting ltd.
http://www.lingnu.com/
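The two questions above hinge on the difference between a collision search (any two messages with the same hash, generic cost about 2^(n/2) work for an n-bit hash) and a second-preimage search (a new message matching the hash of one fixed in advance, generic cost about 2^n). The example below is added here and is not from the thread; it runs both searches against MD5 truncated to a toy width so the gap in cost is visible in seconds. The message prefixes and bit widths are constructed values, not anything from the attack being discussed.

```python
from __future__ import annotations
import hashlib


def truncated_md5(msg: bytes, nbits: int) -> int:
    """MD5 of msg, keeping only the leading nbits bits (toy-sized target)."""
    digest = hashlib.md5(msg).digest()
    return int.from_bytes(digest, "big") >> (128 - nbits)


def birthday_collision(nbits: int, prefix: bytes = b"haifux-") -> tuple[bytes, bytes, int]:
    """Generic collision search: neither message is fixed in advance.

    Stores every hash seen and stops at the first repeat, so the expected
    cost is about 2**(nbits/2) evaluations (birthday bound).
    Returns (msg_a, msg_b, evaluations)."""
    seen: dict[int, bytes] = {}
    counter = 0
    while True:
        msg = prefix + counter.to_bytes(8, "big")
        h = truncated_md5(msg, nbits)
        if h in seen:
            return seen[h], msg, counter + 1
        seen[h] = msg
        counter += 1


def second_preimage(target: bytes, nbits: int) -> tuple[bytes, int]:
    """Second-preimage search: the target message is fixed in advance.

    Every candidate must match one specific value, so the expected cost is
    about 2**nbits evaluations, i.e. the square of the birthday cost.
    Returns (forged_msg, evaluations)."""
    want = truncated_md5(target, nbits)
    counter = 0
    while True:
        msg = b"forged-" + counter.to_bytes(8, "big")
        if msg != target and truncated_md5(msg, nbits) == want:
            return msg, counter + 1
        counter += 1


if __name__ == "__main__":
    # Same 32-bit width for both searches would take ~4 billion MD5 calls for
    # the second preimage, so the targeted search is shown at 18 bits instead.
    a, b, n_coll = birthday_collision(32)
    print(f"32-bit collision after {n_coll} evaluations: {a!r} / {b!r}")
    forged, n_pre = second_preimage(b"a message fixed in advance", 18)
    print(f"18-bit second preimage after {n_pre} evaluations: {forged!r}")
```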


-------------------------------------------------------------------------- Haifa Linux Club Mailing List (http://www.haifux.org) To unsub send an empty message to [EMAIL PROTECTED]