Date: Wed, 5 Nov 2014 15:41:51 +1100
From: Michael Samuel <mik@...net.net>
To: oss-security@...ts.openwall.com
Subject: Re: is MD5 finally dead?

Hi,

On 5 November 2014 15:21, Kurt Seifried <kseifried@...hat.com> wrote:
> http://natmchugh.blogspot.co.uk/2014/10/how-i-created-two-images-with-same-md5.html
>
> It seems like MD5 should probably be classed with DES as instant CVE
> win, either now, or pretty soon....

This is the same chosen-prefix attack that was used to forge
certificates.  Using MD5 in a collision-hostile environment is
definitely CVE worthy, and has been for a while. (BTW, no CVE for
rsync yet)

In the case of an unknown-prefix, HMAC[1] or anything requiring a
preimage, it's just hardening to swap out MD5 (and SHA-1).

[1] Unless you accidentally swap the key and data fields!
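
Added example, not part of the original message: why the footnote's key/data swap matters. Per RFC 2104, an HMAC key longer than the hash block size is first replaced by its hash, so with swapped arguments the tag depends on the untrusted data only through MD5(data). The secret, the sample data and the function names are constructed for illustration.

```python
import hashlib
import hmac

BLOCK_SIZE = hashlib.md5().block_size  # 64 bytes for MD5

# Constructed sample values (assumptions for this example).
SECRET = b"constructed-demo-secret"
DATA = b"constructed untrusted input " * 4  # 112 bytes, longer than one block


def tag_correct(secret: bytes, data: bytes) -> bytes:
    """Intended use: secret as the key, untrusted data as the message."""
    return hmac.new(secret, data, hashlib.md5).digest()


def tag_swapped(secret: bytes, data: bytes) -> bytes:
    """The mistake from the footnote: data passed as key, secret as message."""
    return hmac.new(data, secret, hashlib.md5).digest()


def swapped_via_digest(secret: bytes, data: bytes) -> bytes:
    """What tag_swapped reduces to for data longer than one block:
    the over-long 'key' is replaced by MD5(data) before the secret is mixed in."""
    if len(data) <= BLOCK_SIZE:
        raise ValueError("only applies to data longer than the block size")
    return hmac.new(hashlib.md5(data).digest(), secret, hashlib.md5).digest()


def check() -> dict:
    digest = hashlib.md5(DATA).digest()
    return {
        # Swapped order: the tag is a function of MD5(data) alone, so two
        # inputs with equal MD5 digests would receive the same tag.
        "swapped_reduces_to_md5_of_data": hmac.compare_digest(
            tag_swapped(SECRET, DATA), swapped_via_digest(SECRET, DATA)
        ),
        # Correct order: the data is hashed under the keyed inner state, so
        # replacing it with its plain MD5 digest changes the tag.
        "correct_order_unaffected": not hmac.compare_digest(
            tag_correct(SECRET, DATA),
            hmac.new(SECRET, digest, hashlib.md5).digest(),
        ),
    }


if __name__ == "__main__":
    print(check())
```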
