Report of collision-generation with MD5

Chuck Yerkes chuck+baylisa at snew.com
Wed Aug 18 18:20:15 PDT 2004


Quoting Mark C. Langston (mark at bitshift.org):
> On Wed, Aug 18, 2004 at 10:25:16AM -0700, David Wolfskill wrote:
> > Just got a pointer to this via ACM "TechNews Alert" for today:
> > 
> > http://www.acm.org/technews/articles/2004-6/0818w.html#item2
...
> Worse, they suspect a possible collision in SHA1 as well.
> 
> I think we're beginning to see the possibility that entropy generation
> and cryptography will never truly be secure; it's just that we can
> invent complexity faster than we can explore and/or explain it, so
> showstopping bugs are always lagging deployment.

And yet, we still have vendors that ship crypt()'ed passwords today.

Sigh.



More information about the Baylisa mailing list