Bugtraq mailing list archives

Re: MD5 To Be Considered Harmful Someday

From: "David F. Skoll" <dfs () roaringpenguin com>
Date: Wed, 8 Dec 2004 13:52:56 -0500 (EST)

On Tue, 7 Dec 2004, Tim wrote:

Due to the slowness of public key, most digital signatures are
performed on a digest of the original document.


I think it's time to change the way we do digital signatures to
compute several hashes of the original document using different
algorithms (SHA1, MD5, ...) and sign the concatenation of the resulting
digests.  Does any standard signing software do this yet?

Also, it's probably a good idea to alter in some small and
unpredictable way anything that you're asked to sign.  (Add some
spaces, add text like "Signed by David F. Skoll", etc.)  This makes it
impossible to precompute two versions that hash to the same value,
though it's still not very good protection if it becomes easy to find
MD5 collisions.

Regards,

David.

Current thread:

MD5 To Be Considered Harmful Someday Dan Kaminsky (Dec 07)
- Re: MD5 To Be Considered Harmful Someday Gandalf The White (Dec 07)
  - Re: MD5 To Be Considered Harmful Someday Tim (Dec 08)
    - Re: MD5 To Be Considered Harmful Someday Dragos Ruiu (Dec 08)
    - Re: MD5 To Be Considered Harmful Someday David F. Skoll (Dec 08)
  - Re: MD5 To Be Considered Harmful Someday Joel Maslak (Dec 08)
    - Re: MD5 To Be Considered Harmful Someday Steve Friedl (Dec 08)
  - RE: MD5 To Be Considered Harmful Someday David Schwartz (Dec 08)
    - Re: MD5 To Be Considered Harmful Someday Gandalf The White (Dec 08)
    - Re: MD5 To Be Considered Harmful Someday Keith Oxenrider (Dec 08)
    - Re: MD5 To Be Considered Harmful Someday Paul Wouters (Dec 08)
    - Re: MD5 To Be Considered Harmful Someday Dan Kaminsky (Dec 08)
    - Re: MD5 To Be Considered Harmful Someday Paul Wouters (Dec 08)
    - Re: MD5 To Be Considered Harmful Someday Adam Shostack (Dec 09)
    - Re: MD5 To Be Considered Harmful Someday Solar Designer (Dec 08)

(Thread continues...)