Re: [Gnu-arch-users] Re: MD5 is broken

[Karel Gardas]

On Wed, 16 Mar 2005, Andreas Rottmann wrote:

> Karel Gardas <address@hidden> writes:
>
> > On Wed, 16 Mar 2005, Andrew Suffield wrote:
> >
> >> On Wed, Mar 16, 2005 at 07:57:15PM +0100, Karel Gardas wrote:
> >> > On Wed, 16 Mar 2005, Andrew Suffield wrote:
> >> >
> >> > > On Wed, Mar 16, 2005 at 12:46:28PM +0100, Karel Gardas wrote:
> >> > > > Sorry! That's just my short-cut of the whole problem. As I've
> >> > > > already written I don't agree fully with Ivan's statements,
> >> > > > but this does not change anything on the fact that MD5 is
> >> > > > broken.
> >> > >
> >> > > MD5 is not broken. That's a myth. Stop spreading it.
> >> >
> >> > Perhaps `MD5 is broken' is not the best description of the problem, but
> >> > let say `MD5 is not collision free'.
> >
> Not being collision-free is a property of all possible hash functions
> where the hash value is shorter than the hashed value.

Sorry, this is a misunderstadning, I mean "collision-free" in following
meaning:

"One-way hash functions are supposed to have two properties.  One,
they're one way.  This means that it is easy to take a message and
compute the hash value, but it's impossible to take a hash value and
recreate the original message.  (By 'impossible' I mean 'can't be done
in any reasonable amount of time.')  Two, they're collision free.  This
means that it is impossible to find two messages that hash to the same
hash value.  The cryptographic reasoning behind these two properties is
subtle, and I invite curious readers to learn more in my book Applied
Cryptography."

http://lwn.net/Articles/127667/

Cheers,
Karel
--
Karel Gardas                  address@hidden
ObjectSecurity Ltd.           http://www.objectsecurity.com