Full Disclosure mailing list archives

Re: MD5 algorithm considered toxic (and harmful)

From: "Steven Adair" <steven () securityzone org>
Date: Sat, 1 Dec 2007 10:20:53 -0500 (EST)



There you have it.  Surely a GPL'd tool implementing this attack style
will be available shortly.  And since Chinese researchers have been
attacking SHA-1 lately, should SHA-256 be considered the proper
replacement?  I am unsure :-(


Yes, it would probably be a good idea.  I think this link has been put out
on this list in the past with respect to discussion on SHA-1:

http://csrc.nist.gov/groups/ST/toolkit/secure_hashing.html

NIST might not be the bible to you on what to follow and implement, but
they are definitely worth listening to (even if you're not a U.S. Federal
agency) when they tell you not to use something anymore.  For those that
don't want to click and just want to read, here's the relevant parts:

----

March 15, 2006: The SHA-2 family of hash functions (i.e., SHA-224,
SHA-256, SHA-384 and SHA-512) may be used by Federal agencies for all
applications using secure hash algorithms. Federal agencies should stop
using SHA-1 for digital signatures, digital time stamping and other
applications that require collision resistance as soon as practical, and
must use the SHA-2 family of hash functions for these applications after
2010. After 2010, Federal agencies may use SHA-1 only for the following
applications: hash-based message authentication codes (HMACs); key
derivation functions (KDFs); and random number generators (RNGs).
Regardless of use, NIST encourages application and protocol designers to
use the SHA-2 family of hash functions for all new applications and
protocols.

----

Steven
http://www.securityzone.org

--
Kristian Erik Hermansen
"I have no special talent. I am only passionately curious."

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

MD5 algorithm considered toxic (and harmful) Kristian Erik Hermansen (Dec 01)
- Re: MD5 algorithm considered toxic (and harmful) Steven Adair (Dec 01)
  - Re: MD5 algorithm considered toxic (and harmful) James Matthews (Dec 01)
    - Re: MD5 algorithm considered toxic (and harmful) Enno Rey (Dec 01)
    - Re: MD5 algorithm considered toxic (and harmful) Tim (Dec 01)
    - Re: MD5 algorithm considered toxic (and harmful) Paul Schmehl (Dec 01)
- Re: MD5 algorithm considered toxic (and harmful) coderman (Dec 01)
- Re: MD5 algorithm considered toxic (and harmful) Valdis . Kletnieks (Dec 01)
  - Re: MD5 algorithm considered toxic (and harmful) Kristian Erik Hermansen (Dec 01)