[Mac_crypto] Apple should use SHA! (or stronger) to authenticate software releases
Don Davis
dtd at world.std.com
Sun Apr 4 17:56:51 EDT 2004
hi, mr. reinhold --
there's stronger reason than the ones you cite,
to distrust md5 as a message-digest. see these
old sci.crypt threads, and the google-search below,
for discussions of hans dobbertin's 1996 crack
of md5:
http://tinyurl.com/2ox7g
http://tinyurl.com/3x446
http://google.com/search?q=dobbertin+md5&num=30
btw, in a phone conversation, dobbertin emphasized
to me that his attack only works when md5 is used
as a message-digest; it doesn't work when md5 is
used with a key to prepare a MAC. he also mentioned
that while sha-1 may be vulnerable to an attack of
a similar style (because sha-1 is similar in struc-
ture to md5), he himself was forbiddden by german
law to work to cryptanalyze sha-1, because he worked
at that time for the german federal security service,
and so wasn't allowed to attack the USG's standard
ciphers. now he's at ruhr university (in bochum),
but i don't know whether he's more of a free agent.
- don davis, boston
> To: mac_crypto at vmeng.com
> From: "Arnold G. Reinhold" <reinhold at world.std.com>
> Subject: [Mac_crypto] Apple should use SHA! (or stronger) to authenticate
> software
> releases
> Sender: mac_crypto-admin at vmeng.com
> Reply-To: mac_crypto at vmeng.com
> List-Id: Macintosh Cryptography <mac_crypto.vmeng.com>
> List-Archive: <http://www.vmeng.com/pipermail/mac_crypto/>
> Date: Sun, 4 Apr 2004 06:17:55 -0500
>
> The cryptographic hash function MD5 has long been used to
> authenticate software packages, particularly in the Linux/Unix/open
> source community. This has carried over to Apple's OS-X. The MD5 hash
> of an entire package is calculated and its value is transmitted
> separately from the package. Users who download the package compute
> the hash of the copy they received and match that value against the
> original.
...
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list