Date: Wed, 5 Nov 2014 15:41:51 +1100
From: Michael Samuel <mik@...net.net>
To: oss-security@...ts.openwall.com
Subject: Re: is MD5 finally dead?

Hi,

On 5 November 2014 15:21, Kurt Seifried <kseifried@...hat.com> wrote:
> http://natmchugh.blogspot.co.uk/2014/10/how-i-created-two-images-with-same-md5.html
>
> It seems like MD5 should probably be classed with DES as instant CVE
> win, either now, or pretty soon....

This is the same chosen-prefix attack that was used to forge
certificates.

Using md5 in a collision-hostile environment is definitely CVE worthy,
and has been for a while. (BTW, no CVE for rsync yet)

In the case of an unknown-prefix, HMAC or anything requiring a
preimage, it's just hardening to swap out MD5 (and SHA-1).  Unless you
accidentally swap the key and data fields!
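
Added example, not part of the original message: the closing remark about swapping the key and data fields follows from RFC 2104, where an HMAC key longer than the hash block (64 bytes for MD5) is first replaced by its digest. The Python sketch below uses constructed sample values and hypothetical function names to show that a swapped call binds the tag only to MD5(message), so it inherits MD5's collision weakness; no collision pair is included.

```python
import hashlib
import hmac

BLOCK = hashlib.md5().block_size  # 64 bytes for MD5


def tag_correct(secret: bytes, message: bytes) -> bytes:
    """Intended use: secret in the key position, message as data."""
    return hmac.new(secret, message, hashlib.md5).digest()


def tag_swapped(secret: bytes, message: bytes) -> bytes:
    """The mistake: message passed as the key, secret passed as data."""
    return hmac.new(message, secret, hashlib.md5).digest()


def effective_key(key_arg: bytes) -> bytes:
    """Key material HMAC really uses: RFC 2104 hashes keys longer than a block."""
    if len(key_arg) > BLOCK:
        return hashlib.md5(key_arg).digest()
    return key_arg


def swapped_tag_from_digest(secret: bytes, message_md5: bytes) -> bytes:
    """Recompute the swapped tag from MD5(message) alone, without the message."""
    return hmac.new(message_md5, secret, hashlib.md5).digest()


# Constructed sample values (assumptions, not from the original thread).
SECRET = b"constructed-sample-secret"
LONG_MESSAGE = b"A" * 200          # longer than one MD5 block
SHORT_MESSAGE = b"short message"   # fits in one block, used as-is

if __name__ == "__main__":
    digest_only = hashlib.md5(LONG_MESSAGE).digest()
    # Swapped call: the tag is a function of MD5(message), so any two
    # messages with equal MD5 digests receive the same tag.
    print(tag_swapped(SECRET, LONG_MESSAGE) ==
          swapped_tag_from_digest(SECRET, digest_only))
    # Correct call: the message is processed under a secret-derived
    # prefix the attacker does not know.
    print(tag_correct(SECRET, LONG_MESSAGE).hex())
```
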