Date: Wed, 5 Nov 2014 08:09:00 +0300
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Subject: Re: is MD5 finally dead?

On Tue, Nov 04, 2014 at 09:21:49PM -0700, Kurt Seifried wrote:
> http://natmchugh.blogspot.co.uk/2014/10/how-i-created-two-images-with-same-md5.html
>
> It seems like MD5 should probably be classed with DES as instant CVE
> win, either now, or pretty soon....

Depends on use case, like before. Surely there are uses of both MD5 and
DES where the choice of these primitives is not a vulnerability.

For example, md5crypt is not affected by MD5 collisions. (It's EOL'ed
by the author for other reasons, though.) Similarly, the use of DES in
BSDI/FreeSec extended crypt() is not a vulnerability (its 64-bit hash
space is a bit too small, etc., but that's another matter). And 3DES is
still OK.

For yet another example, while HMAC-MD5 shouldn't be used for new
designs, there's no known realistic attack on it yet:

New Proofs for NMAC and HMAC - Cryptology ePrint Archive
https://eprint.iacr.org/2006/043.pdf

New Proofs for NMAC and HMAC: Security without Collision-Resistance
http://cseweb.ucsd.edu/~mihir/papers/hmac-new.html

http://crypto.stackexchange.com/questions/9336/is-hmac-md5-considered-secure

https://tools.ietf.org/html/rfc6151

"Therefore, it may not be urgent to remove HMAC-MD5 from the existing
protocols. However, since MD5 must not be used for digital signatures,
for a new protocol design, a ciphersuite with HMAC-MD5 should not be
included."

Curious comments by Thomas Pornin and Dmitry Khovratovich on whether
e.g. MD5's compression function may be a PRF or not (and thus whether
the HMAC proof fully applies or not) despite its insufficient
collision resistance:

http://crypto.stackexchange.com/questions/268/security-of-n-bit-hmac

Alexander
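An added example, not part of the original message: it takes the publicly known Wang et al. (2004) MD5 collision pair and checks which constructions inherit that collision, illustrating the "depends on use case" point above for plain MD5 versus HMAC-MD5. The key value and the function names are assumptions made for this illustration, and the result only shows that this collision does not carry over to the keyed constructions; it is not a security proof.

```python
import hashlib
import hmac

# Publicly known MD5 collision pair (Wang et al., 2004): two 128-byte
# messages that differ in six bytes yet have the same MD5 digest.
M1 = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70"
)
M2 = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70"
)
KEY = b"constructed-demo-key"  # constructed sample key (assumption)


def md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()


def constructions(key: bytes):
    """Map each construction name to a function of the message."""
    return {
        # Unkeyed hash: the collision applies directly.
        "md5(m)": lambda m: md5(m),
        # Secret suffix: both messages are block-aligned and leave the same
        # internal state, so any common suffix keeps the collision.
        "md5(m || key)": lambda m: md5(m + key),
        # Secret prefix: the chaining value entering m is no longer the
        # standard IV, so this fixed pair stops colliding.
        "md5(key || m)": lambda m: md5(key + m),
        # HMAC: inner hash is keyed before m is processed, as above.
        "hmac-md5(key, m)": lambda m: hmac.new(key, m, hashlib.md5).digest(),
    }


def collision_survives(key: bytes = KEY) -> dict:
    """Report, per construction, whether M1 and M2 still collide."""
    return {name: f(M1) == f(M2) for name, f in constructions(key).items()}


if __name__ == "__main__":
    for name, collides in collision_survives().items():
        print(f"{name:18s} collision survives: {collides}")
```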