nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: MD5 is insecure

From: Dan Mahoney via NANOG <nanog () lists nanog org>
Date: Sun, 31 Aug 2025 12:53:35 -0700



On Aug 31, 2025, at 11:16, nanog--- via NANOG <nanog () lists nanog org> wrote:

There is currently no known way to generate a private key that would match your private key hash, faster than brute 
force, and MD5 still provides adequate protection against brute-force attacks.

While nobody should be designing new protocols using MD5 just because there is no reason to use a hash algorithm that 
has *any* known weaknesses, its known weaknesses are not relevant to this application.

A method is known to generate two pieces of data with the same MD5 hash. This isn't the same thing as saying that a 
method is known to generate a piece of data with any given MD5 hash, or the same MD5 hash as another piece of data.


And that’s why this isn’t a CVE with a CVSS score.  It’s just an indication of someone cutting corners in a way I’ve 
never seen before, that makes me wonder what other choices were made.  I say that much.

-Dan
_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/G2NJ5JEFPYNQJLYQX5VVJ47NPVPFLKSS/
Previous By Date Next
Previous By Thread Next

Current thread: