Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 5 Nov 2014 15:41:51 +1100
From: Michael Samuel <>
Subject: Re: is MD5 finally dead?


On 5 November 2014 15:21, Kurt Seifried <> wrote:
> It seems like MD5 should probably be classed with DES as instant CVE
> win, either now, or pretty soon....

This is the same chosen-prefix attack that was used to forge
certificates.  Using md5 in
a collision-hostile environment is definitely CVE worthy, and has been
for a while. (BTW,
no CVE for rsync yet)

In the case of an unknown-prefix, HMAC[1] or anything requiring a preimage, it's
just hardening to use swap out MD5 (and SHA-1).

[1] Unless you accidentally swap the key and data fields!

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ