Re: Debian audititing tool?
On Tue, Dec 26, 2000 at 10:52:47PM +0100, Christian Kurz wrote:
> On 00-12-26 Peter Cordes wrote:
> > have produced collisions in MD5. This is a Bad Thing for MD5, but it isn't
> > a real break against MD5. It means that you can find two messages that hash
> > to the same value. To do so, you _have_ to choose both messages yourself.
> > If one of the messages is /bin/su, you are almost certainly out of luck.
> > Nobody has figured out how to make another message that collides with a
> > given message. It only works if they create _both_ messages.
>
> Cool, would you then please explain why Bruce Schneier writes about MD5:
> "I am wary of using MD5" in his book "Applied Cryptograhy" and the end
> of the section about MD5?
>
> Ciao
> Christian
>
For some applications the collision-resistance property is critical. Simply
computing and storing one-way hashes IS NOT an application which depends on this property.
>
> --
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
--
dg
Reply to: