Home page logo

bugtraq logo Bugtraq mailing list archives

Re: MD5 To Be Considered Harmful Someday
From: Dan Kaminsky <dan () doxpara com>
Date: Wed, 08 Dec 2004 13:44:08 -0800

Since you can't possibly mean absolutely suitable, can you clarify your
basis for suitability? I'm not asking for a technical proof, just the
general metrics used to make the determination.

If 160 bit SHA1 is good enough for one application but not another, what
does one need to know to decide for their own application?
SHA-1 is truncatable to 128 bits for applications that have limited space available for hashes. This limits the birthday paradox attack to a 2^64 effort, but MD5 isn't anywhere close to that anymore. (Incidentally, the output of birthday attack is an unchosen collision, just like Wang's.)

SHA-1 isn't perfect, but we haven't known its been broken for a decade like we have for MD5.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]