Re: if SHA1 and MD5 are cracked...?
From: David Magda (dmagda+trace040726_at_ee.ryerson.ca)
Date: 17 Aug 2004 16:02:43 -0400
Ben Crowell <croDELETETHISwell04@lightandmatter.com> writes:
> It sounds like significant weaknesses have been found in these
> families of hash functions. Let's imagine the worst case, which is
> that both SHA1 and MD5 succumb to attack fairly soon, so that
MD5 is not recommended for new applications by many people. There are
supposedly some theoretical attacks to find collisions but I'm not
aware of any actual collisions that have been found.
From the md5(1) manual page:

    MD5 has not yet (2001-09-03) been broken, but sufficient attacks
    have been made that its security is in some doubt. The attacks
    on MD5 are in the nature of finding ``collisions'' -- that is,
    multiple inputs which hash to the same value; it is still
    unlikely for an attacker to be able to determine the exact
    original input given a hash value.

The utilities sha1(1) and rmd160(1) are currently available (at least
on my 4.10 system) if you want more secure hashes. I do not think
there are any attacks against either of them.
You may want to ask in sci.crypt for more info.
-- 
David Magda <dmagda at ee.ryerson.ca>, http://www.magda.ca/
Because the innovator has for enemies all those who have done well under
the old conditions, and lukewarm defenders in those who may do well
under the new. -- Niccolo Machiavelli, _The Prince_, Chapter VI