MD5 To Be Considered Harmful Someday

James A. Donald jamesd at echeque.com
Tue Dec 7 18:57:38 EST 2004


    --
On 6 Dec 2004 at 16:14, Dan Kaminsky wrote:
> * Many popular P2P networks (and innumerable distributed 
> content databases) use MD5 hashes as both a reliable search 
> handle and a mechanism to ensure file integrity.  This makes 
> them blind to any signature embedded within MD5 collisions. 
> We can use this blindness to track MP3 audio data as it 
> propagates from a custom P2P node.

This seems pretty harmful right now, no need to wait for 
someday.

But even back when I implemented Crypto Kong, the orthodoxy was 
that one should use SHA1, even though it is slower than MD5, so 
it seems to me that MD5 was considered harmful back in 1997, 
though I did not know why at the time, and perhaps no one knew 
why.


    --digsig
         James A. Donald
     6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
     bEcutcm49V2l4gs02N+hlx0RuvlNCxolYqbHGLNY
     4kL6H698sHcon3pASMijUxPq4KE3Se5Mp7xNpDH7r
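
The blindness described in the quoted paragraph, as an added example that is not part of the original message or of any P2P client's code: an index that uses one digest as both search handle and integrity check accepts any second file sharing that digest, while a second, collision-resistant digest pinned at publish time rejects it. Assumptions: MD5 truncated to 24 bits stands in for a digest with known collisions so that a colliding pair can be found by a quick birthday search, and the `Index` class, function names and sample data are constructed for illustration.

```python
import hashlib
from itertools import count

TRUNC_HEX = 6  # assumption: 24-bit stand-in for a collision-prone digest

def weak_handle(data: bytes) -> str:
    """Search handle: MD5 truncated to 24 bits (illustrative stand-in)."""
    return hashlib.md5(data).hexdigest()[:TRUNC_HEX]

def strong_digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def find_colliding_pair(prefix: bytes = b"constructed-sample-"):
    """Birthday search for two different inputs with the same weak handle."""
    seen = {}
    for i in count():
        data = prefix + str(i).encode()
        handle = weak_handle(data)
        if handle in seen:
            return seen[handle], data
        seen[handle] = data

class Index:
    """Toy content index: files are looked up by weak handle."""
    def __init__(self):
        self.pinned = {}  # handle -> SHA-256 recorded at publish time

    def publish(self, data: bytes) -> str:
        handle = weak_handle(data)
        self.pinned[handle] = strong_digest(data)
        return handle

    def verify_weak_only(self, handle: str, received: bytes) -> bool:
        # Same digest used as handle and as integrity check.
        return weak_handle(received) == handle

    def verify_pinned(self, handle: str, received: bytes) -> bool:
        # Handle locates the entry; the pinned SHA-256 decides integrity.
        return self.pinned.get(handle) == strong_digest(received)

def demo() -> dict:
    original, variant = find_colliding_pair()
    index = Index()
    handle = index.publish(original)
    return {
        "distinct": original != variant,
        "weak_accepts_variant": index.verify_weak_only(handle, variant),
        "pinned_accepts_variant": index.verify_pinned(handle, variant),
        "pinned_accepts_original": index.verify_pinned(handle, original),
    }

if __name__ == "__main__":
    print(demo())
```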



---------------------------------------------------------------------
The Cryptography Mailing List