Re: [Gnu-arch-users] Re: MD5 is broken


From: Jan Hudec
Subject: Re: [Gnu-arch-users] Re: MD5 is broken
Date: Wed, 16 Mar 2005 10:48:37 +0100
User-agent: Mutt/1.5.6i

On Wed, Mar 16, 2005 at 10:02:35AM +0100, Karel Gardas wrote:
> On Wed, 16 Mar 2005, Andrew Suffield wrote:
> 
> > On Wed, Mar 16, 2005 at 12:26:30PM +0600, Ivan Boldyrev wrote:
> > > > If someone finds a second pre-image attack against md5, then arch
> > > > will be in trouble (but so will just about anything else).
> > >
> > > MD5 has been considered insecure for many years.  Arch is already in trouble
> > > because Arch developers do not understand security.
> > >
> > > I am not a security expert either, but designing a security attack against
> > > Arch took less time than writing this message.
> >
> > This is pure nonsense. Go away and read /Beyond Fear/, and maybe
> > /Secrets & Lies/ as well. And CRYPTO-GRAM too, while you're at
> > it. I've seen journalists with better comprehension of security.
> 
> I don't fully agree with Ivan's notes, but this does not change anything
> about the danger of using MD5, or does it? Please also read:
> http://cryptography.hyperlink.cz/2004/otherformats.html

Note however, that this article says that "in bzip2 and gzip formats,
the differing bits from colliding blocks won't be extracted into files,
so install script (Makefile, configure, etc.) would have to read the
original tar.bz2 or tar.gz." GNU Arch does not do this. But even then
MD5 is too close to trouble. I think that the practical attack is not
doable just yet (because so far it requires custom code to read the
colliding block), but it's high time to change the hash functions.

--------------------------------------------------------------------------------
                                                - Jan Hudec `Bulb' 
<address@hidden>
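
The point quoted from the article above, shown as an added example that is not part of the original message: two gzip archives can differ in bytes that never reach the extracted files, so only something that reads the archive itself can tell them apart. It assumes the gzip header's optional extra field (RFC 1952) as the place where such bytes sit, which is an illustration and not necessarily the location the article uses; the "ZZ" subfield id and the sample payload are constructed.

```python
import gzip
import hashlib
import struct
import zlib

FEXTRA = 0x04  # RFC 1952 flag bit: optional "extra field" present in the header


def gzip_with_extra(payload: bytes, extra: bytes) -> bytes:
    """Build one gzip member whose header carries `extra` in an FEXTRA subfield."""
    subfield = b"ZZ" + struct.pack("<H", len(extra)) + extra  # "ZZ" id is made up
    header = (b"\x1f\x8b\x08" + bytes([FEXTRA])   # magic, CM=deflate, FLG
              + b"\x00" * 4 + b"\x00\xff"           # MTIME=0, XFL=0, OS=unknown
              + struct.pack("<H", len(subfield)) + subfield)
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)  # raw deflate stream
    body = deflater.compress(payload) + deflater.flush()
    trailer = struct.pack("<II", zlib.crc32(payload), len(payload) & 0xFFFFFFFF)
    return header + body + trailer


def extra_field(blob: bytes) -> bytes:
    """Return the raw FEXTRA bytes of the first gzip member, or b'' if absent."""
    if blob[:3] != b"\x1f\x8b\x08":
        raise ValueError("not a gzip/deflate member")
    if not blob[3] & FEXTRA:
        return b""
    (xlen,) = struct.unpack_from("<H", blob, 10)  # XLEN follows the 10-byte header
    return blob[12:12 + xlen]


def compare(a: bytes, b: bytes) -> dict:
    """Compare two archives at container level and at extracted-content level."""
    return {
        "container_equal": hashlib.sha256(a).digest() == hashlib.sha256(b).digest(),
        "content_equal": gzip.decompress(a) == gzip.decompress(b),
        "carries_hidden_bytes": bool(extra_field(a) or extra_field(b)),
    }


# Constructed sample input: same payload, different 64-byte filler in the header.
PAYLOAD = b"all:\n\techo build\n"
ARCHIVE_A = gzip_with_extra(PAYLOAD, b"\x00" * 64)
ARCHIVE_B = gzip_with_extra(PAYLOAD, b"\x00" * 63 + b"\x01")

if __name__ == "__main__":
    print(compare(ARCHIVE_A, ARCHIVE_B))
```

The extracted content is identical while the container bytes differ, which is why an archive checksum has to be computed over the distributed file with a hash that still resists collisions.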