I've read the paper. What is stunning is that I've written a similar paper
named "Practical Attacks on Digital Signatures Using MD5 Message
Digest" using very similar techniques only recently. It was submitted
to Cryptology ePrint Archive (http://eprint.iacr.org) a week ago, on
December 2nd. They will
>From: "James A. Donald" <[EMAIL PROTECTED]>
>Sent: Dec 7, 2004 6:57 PM
>To: [EMAIL PROTECTED]
>Subject: MD5 To Be Considered Harmful Someday
>But even back when I implemented Crypto Kong, the orthodoxy was
>that one should use SHA1, even though it is slower
"James A. Donald" <[EMAIL PROTECTED]> writes:
> --
> On 6 Dec 2004 at 16:14, Dan Kaminsky wrote:
>> * Many popular P2P networks (and innumerable distributed
>> content databases) use MD5 hashes as both a reliable search
>> handle and a mechanism to ensure file integrity. This makes
>> them
--
On 6 Dec 2004 at 16:14, Dan Kaminsky wrote:
> * Many popular P2P networks (and innumerable distributed
> content databases) use MD5 hashes as both a reliable search
> handle and a mechanism to ensure file integrity. This makes
> them blind to any signature embedded within MD5 collisions.
al --
the paper's titled "MD5 To Be Considered Harmful Someday" for a reason.
Some people have said there are no applied implications to Joux and Wang's
research. They're wrong; arbitrary payloads can be successfully
integrated into a hash collision. But the attack