nanog mailing list archives

Re: potential hazards of Protect-America act


From: Warren Kumari <warren () kumari net>
Date: Wed, 30 Jan 2008 17:03:04 -0800


Disclaimer: I'm sitting in a meeting that is making me grumpy and this is one of my pet-peeves...

I keep hearing people making the assertion that MD5 is "broken" -- this is not completely true. Yes, there have been collisions found -- yes, I can easily (and quickly) generate 2 inputs that generate the same output...

What is not trivial is for you to generate another input that will generate (eg): 0x56f39544ebca88f261f2087dab3d7e61 or, given 0x56f39544ebca88f261f2087dab3d7e61 to figure out what input I provided.

There was a brief flurry of media attention around the time of Vlastimil's tunneling work saying "MD5 Broken!!!". Many people (not necessarily anyone on the list) just read the sensationalist headlines with no understanding as to what had been accomplished...

As with any tool, you need to understand the capabilities and limitations before using it.

Once again, this is one of those things that just pushes my buttons, sorry if I went off on a rant...

W

P.S: Yes thanks, I am feeling better now :-)

On Jan 29, 2008, at 7:35 PM, Frank Bulk wrote:


I think I need to eat crow on the MD5 comment -- I was confused with SHA,
which although has been attacked, is still holding up:
http://www.schneier.com/blog/archives/2007/01/sha1_cracked.html

Frank

-----Original Message-----
From: Steven M. Bellovin [mailto:smb () cs columbia edu]
Sent: Tuesday, January 29, 2008 9:13 PM
To: frnkblk () iname com
Cc: michael.dillon () bt com; nanog () nanog org
Subject: Re: potential hazards of Protect-America act

On Tue, 29 Jan 2008 20:28:05 -0600
"Frank Bulk" <frnkblk () iname com> wrote:


Pretty good in the generalities, but there are few finer technical
points that could have been precisely and accurately stated.  One that
comes to mind was the MD5 reference, another was the "50% loss" when
talking about performing an optical split.

Speaking as one of the authors, we did our best. (But what do you mean
about MD5?  That was taken straight from the FOIAed FBI documents, and
from conversations with people in law enforcement I'm quite certain
that MD5 is still used -- inappropriately! -- in sensitive places.)


               --Steve Bellovin, http://www.cs.columbia.edu/~smb
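
Added example, not part of the original thread: the distinction drawn above between finding any two colliding inputs and finding an input that matches one fixed digest, shown as two generic brute-force searches. Assumptions: MD5 is truncated to 20 bits (`BITS`) so both searches finish in seconds, and the function names and sample message are constructed for illustration; this shows the gap in generic search cost between the two problems, not the cryptanalytic collision attack on full MD5.

```python
import hashlib
from itertools import count

BITS = 20  # assumption: toy output size so both searches finish quickly


def h(data: bytes, bits: int = BITS) -> int:
    """Top `bits` bits of MD5(data): a deliberately tiny stand-in hash."""
    digest = int.from_bytes(hashlib.md5(data).digest(), "big")
    return digest >> (128 - bits)


def find_collision(bits: int = BITS):
    """Collision search: the searcher is free to choose BOTH inputs.

    Returns (msg_a, msg_b, hashes_computed). The birthday bound puts the
    expected work near 2**(bits/2) hash computations.
    """
    seen = {}
    for i in count():
        msg = b"c-%d" % i
        tag = h(msg, bits)
        if tag in seen:
            return seen[tag], msg, i + 1
        seen[tag] = msg


def find_second_preimage(target_msg: bytes, bits: int = BITS):
    """Second-preimage search: one side is FIXED by someone else.

    Returns (other_msg, hashes_computed). Expected work is near 2**bits,
    because each guess matches the fixed value with probability 2**-bits.
    """
    target = h(target_msg, bits)
    for i in count():
        msg = b"p-%d" % i
        if msg != target_msg and h(msg, bits) == target:
            return msg, i + 1


if __name__ == "__main__":
    a, b, n_col = find_collision()
    print(f"collision:       {a!r} / {b!r} after {n_col} hashes")
    fixed = b"constructed sample message"
    m, n_pre = find_second_preimage(fixed)
    print(f"second preimage: {m!r} after {n_pre} hashes")
    print(f"generic bounds:  ~2^{BITS // 2} vs ~2^{BITS}")
```

At the full 128-bit output the same generic bounds are roughly 2^64 and 2^128 hash computations, which is why a practical collision result does not by itself yield an input for a digest someone else chose.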


