[Cfrg] Applications of target collisions: Pre or post-dating MD5-based RFC 3161 time-stamp tokens
Alfonso De Gregorio
adg at crypto.lo.gy
Fri Oct 27 08:09:20 EDT 2006
Hi Steven, hi Benne,
Yes, this is a sweet and sour truth. We are not getting closer to
preimage attacks. We are getting more far away from considering preimage
and second-preimage resistance sufficient hash-function requirements for
the real-world security of some protocols.
Cheers,
-- Alfonso http://crypto.lo.gy
Weger, B.M.M. de wrote:
>> So how close are we getting to first or second preimage attacks?
>>
>
> As far as we know, not one bit closer.
> Best known attack on MD5 preimage resistance still is brute force.
>
> You may interpret our result as enlarging the applicability of
> collision attacks. In that sense the gap to preimage attacks has
> diminished. But we have no measure available to tell by how much.
>
> Grtz,
> Benne de Weger
>
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list