Re^6: MD5 - what's the alternative

Guess what? Not a lifetime, just 8 hours on a 1.6 GHz machine, according to More Hash Function Attacks.

There's a reason the cryptographers started making waves about MD5 being weak when the first and so innocuous seeming collision conditions were found.

Makeshifts last the longest.

Comment on Re^6: MD5 - what's the alternative

Replies are listed 'Best First'.
Re^7: MD5 - what's the alternative by BrowserUk (Patriarch) on Mar 11, 2005 at 16:42 UTC
I didn't read it all, but that article is still referring to the fact that it is possible to find two pieces of text that have the same md5. That was always known to be possible. My challenge still stands. Examine what is said, not who speaks. Silence betokens consent. Love the truth but pardon error. Lingua non convalesco, consenesco et abolesco.	[reply]
Re^8: MD5 - what's the alternative by Aristotle (Chancellor) on Mar 11, 2005 at 19:42 UTC
Due to the ability of Wang's method to produce MD5 compression function collisions for any IV, and due to the iterative structure of MD5, we can append a collision to any block of data of our choice (provided that the bitlength is a multiple of the MD5 block length), while maintaining the collision property. Similarly we can then append data of our choice to the constructed collisions. In this way we can build colliding certificates. I don't know how much clearer it needs to be spelt out. Makeshifts last the longest.	[reply]
Re^9: MD5 - what's the alternative by BrowserUk (Patriarch) on Mar 11, 2005 at 20:35 UTC
(provided that the bitlength is a multiple of the MD5 block length) Examine what is said, not who speaks. Silence betokens consent. Love the truth but pardon error. Lingua non convalesco, consenesco et abolesco.	[reply] [d/l]