Open Phugu wrote:
On 5/6/07, Adam Hawes <[EMAIL PROTECTED]> wrote:
> Um, can you site a single *real world* example of where md5 sums
> have been co-opted in any way? Yes, md5 now has a weakness, but
> really, are there any cases of anyone having actually exploited it?
That is not my point. My point is that if MD5 is weak, attackers *will*
begin to exploit such a weakness.
This isn't about IF the problem will occur, but WHEN! There is a known
exploit and anybody who doesn't take steps to mitigate that now is just
crazy (or lazy).
Cryptographic attacks grow easier as time goes on. The attack is
improved,
the cost of a CPU cycle goes down... We need to change to SHA256 or
SHA512
now instead of when script kitties will regularly be forging MD5 hashes.
remember that collisions !=> arbitrary code can be inserted unless
attacker has control over the "good" files. search the archives.
