> On Aug 31, 2025, at 11:16, nanog--- via NANOG <[email protected]> wrote: > > There is currently no known way to generate a private key that would match > your private key hash, faster than brute force, and MD5 still provides > adequate protection against brute-force attacks. > > While nobody should be designing new protocols using MD5 just because there > is no reason to use a hash algorithm that has *any* known weaknesses, its > known weaknesses are not relevant to this application. > > A method is known to generate two pieces of data with the same MD5 hash. This > isn't the same thing as saying that a method is known to generate a piece of > data with any given MD5 hash, or the same MD5 hash as another piece of data.
And that’s why this isn’t a CVE with a CVSS score. It’s just an indication of someone cutting corners in a way I’ve never seen before, that makes me wonder what other choices were made. I say that much. -Dan _______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/[email protected]/message/G2NJ5JEFPYNQJLYQX5VVJ47NPVPFLKSS/
