[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Gnu-arch-users] MD5 is broken
From: |
Ivan Boldyrev |
Subject: |
[Gnu-arch-users] MD5 is broken |
Date: |
Tue, 15 Mar 2005 20:03:32 +0600 |
User-agent: |
Gnus/5.110003 (No Gnus v0.3) Emacs/21.4 (gnu/linux) |
Arch uses MD5 internally. But MD5 is not weak hash function, it was
attacked many times, and recently first practical attack was created:
,----
| Two X-509 certificates with identical MD5 hashes:
| <http://www.win.tue.nl/~bdeweger/CollidingCertificates/>
| Faster MD5 collisions (eight hours on 1.6 GHz computer):
| <http://cryptography.hyperlink.cz/md5/MD5_collisions.pdf>
`----
GNU Arch must move away from MD5 ASAP. Using strong crypto like GPG
for signing patches is waste of CPU cycles, because signed text is
list of MD5 sums.
--
Ivan Boldyrev
Tragedy of programmers is that computer is wonderful toy
and programmers have to use it in their work.
pgptRE2ZZjw9E.pgp
Description: PGP signature
- [Gnu-arch-users] MD5 is broken,
Ivan Boldyrev <=
- Re: [Gnu-arch-users] MD5 is broken, Matthew Dempsky, 2005/03/16
- [Gnu-arch-users] Re: MD5 is broken, Ivan Boldyrev, 2005/03/16
- Re: [Gnu-arch-users] Re: MD5 is broken, Andrew Suffield, 2005/03/16
- Re: [Gnu-arch-users] Re: MD5 is broken, Karel Gardas, 2005/03/16
- Re: [Gnu-arch-users] Re: MD5 is broken, Jan Hudec, 2005/03/16
- Re: [Gnu-arch-users] Re: MD5 is broken, Tom Lord, 2005/03/16
- Re: [Gnu-arch-users] Re: MD5 is broken, Karel Gardas, 2005/03/16
- Re: [Gnu-arch-users] Re: MD5 is broken, Tom Lord, 2005/03/16
- Re: [Gnu-arch-users] Re: MD5 is broken, Matthew Dempsky, 2005/03/16
- Re: [Gnu-arch-users] Re: MD5 is broken, Andrew Suffield, 2005/03/16