[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: xlock (was Re: libcrypt info)



Marek Michalkiewicz writes:
>Elliot Lee:
>> Widely used, most likely, but not so trusted anymore; read sci.crypt for
>
>OK, I should have said it _was_ trusted... :-(

Let's not go off the deep end here.  From my reading, there is no
evidence of any weakness pertinent to this application.  In particular,
the attack requires a modified IV, and still does not allow finding
an arbitrary message that produces a specific hash, it only has the
potential to allow one person to create two messages with the same
hash.

It's not at all clear to me that the attack has even been verified
against MD5.  Even the MD4 attack is nearly useless, and the author
of the attack says that a lot of hard work is still necessary to
turn that into a successful attack on MD5, and that it isn't even
proven that it will work.  He also says that it's not an issue in
the short term even for signing messages (where his attack *may*
be valid) and it should not be an issue at all, even for MD4 where
the attack is verified to exist, for complete message forgery.

If anyone can refute any of this with solid mathematical evidence
or citations of available papers, I want to know about it.

michaelkjohnson

"Ever wonder why the SAME PEOPLE make up ALL the conspiracy theories?"
