[sclug] MD5 is compromised
Will Dickson
wrd at glaurung.demon.co.uk
Thu Aug 19 01:46:35 UTC 2004
Hi all,

A group of Chinese cryptologists yesterday (17th) published
an attack which basically defeats the MD5 "checksum" (i.e.
hash function) which is still widely used, inter alia, to
detect tampering or corruption on software patches etc.

Demonstrated result is at http://eprint.iacr.org/2004/199.pdf
Full paper hasn't been published yet.

If you use MD5 for anything security-related you need to
stop doing so. Replace with SHA-1.

(The same attack also breaks SHA-0 - an obsolete older
version of SHA-1. This isn't directly a problem but if the
attack can be extended to SHA-1 itself we've got big trouble.)

Will