oss-sec mailing list archives
Re: is MD5 finally dead?
From: Michael Samuel <mik () miknet net>
Date: Wed, 5 Nov 2014 15:41:51 +1100
Hi, On 5 November 2014 15:21, Kurt Seifried <kseifried () redhat com> wrote:
http://natmchugh.blogspot.co.uk/2014/10/how-i-created-two-images-with-same-md5.html It seems like MD5 should probably be classed with DES as instant CVE win, either now, or pretty soon....
This is the same chosen-prefix attack that was used to forge certificates. Using md5 in a collision-hostile environment is definitely CVE worthy, and has been for a while. (BTW, no CVE for rsync yet) In the case of an unknown-prefix, HMAC[1] or anything requiring a preimage, it's just hardening to use swap out MD5 (and SHA-1). [1] Unless you accidentally swap the key and data fields!
Current thread:
- is MD5 finally dead? Kurt Seifried (Nov 04)
- Re: is MD5 finally dead? Michael Samuel (Nov 04)
- Re: is MD5 finally dead? Alex Gaynor (Nov 04)
- Re: is MD5 finally dead? Michael Samuel (Nov 04)
- Re: is MD5 finally dead? Alex Gaynor (Nov 04)
- Re: is MD5 finally dead? Solar Designer (Nov 04)
- Re: is MD5 finally dead? coderman (Nov 04)
- Re: is MD5 finally dead? Michael Samuel (Nov 04)