1996-07-01 - Re: rsync and md4

Header Data

From: “David F. Ogren” <ogren@cris.com>
To: ogren@cris.com
Message Hash: c3ed53536ecdc2a71e3d44d4a22d525f39e486be4e5a1d3dc61ccd8b906a8fff
Message ID: <199607010605.CAA24104@darius.cris.com>
Reply To: N/A
UTC Datetime: 1996-07-01 09:43:51 UTC
Raw Date: Mon, 1 Jul 1996 17:43:51 +0800

Raw message

From: "David F. Ogren" <ogren@cris.com>
Date: Mon, 1 Jul 1996 17:43:51 +0800
To: ogren@cris.com
Subject: Re: rsync and md4
Message-ID: <199607010605.CAA24104@darius.cris.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

> 
> "David F. Ogren" writes:
> > > I'm afraid you are totally wrong here. MD4 has been completely
> > > broken. I wouldn't trust it for anything. In fact, MD5 is no longer
> > > trustworthy, either -- it was broken recently. Stick to SHA.
> > > 
> > 
> > MD4 has had successful attacks on limited rounds.  It has _not_ been 
> > completely cracked.
> 
> Could you please quit spewing inaccurate information?
> 
> Dobbertin completely cracked MD4 already, and found MD5 collisions in
> a document circulated on May 2nd that mean it isn't far behind.
> 
> The comments you are making are dangerous because they encourage
> people who don't know better to think that hashes which are known
> unsafe are safe. Please quit posting until you start monitoring the
> field enough to have accurate sources of information.
> 

I stand by my statements.  I have followed the current developments 
regarding MD5 with interest, and am using SHA1 in the program that I am 
currently authoring because of MD5's weaknesses.

However, MD5 (and MD4) have not been completely cracked.  The problems that 
you bring up have to do with situations where an active attacker develops a 
slightly different pair of documents with the same hash.

Although this is a highly undesirable characteristic for a hash function, and 
shows a weakness in the function that may eventually lead to its being 
completely cracked, it does not mean that a fraudulent document can be 
created from an already signed document.  This is an old argument and I 
don't want to get into it here.  However, there are lots of people who 
still think MD5 can be safely used to a) sign documents that you create 
yourself, and b) sign documents that you have made cosmetic changes to.

Irregardless, this argument is moot.  This thread is titled "rsync and 
md4".  It is a discussion about which hash function suits this particular 
purpose and he is not particularly concerned with resistance to deliberate 
attack.  In this case MD4 will function adequately.
- --
David F. Ogren                | 
ogren@concentric.net          | "A man without religion is like a fish
PGP Key ID: 0x6458EB29        |  without a bicycle"
- ------------------------------|----------------------------------------
Don't know what PGP is?       | Need my public key?  It's available
Send a message to me with the | by server or by sending me a message
subject GETPGPINFO            | with the subject GETPGPKEY
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

-----END PGP SIGNATURE-----
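
The message above separates two attacks: producing a pair of documents with the same hash, and producing a document that matches the hash of one already signed. The following is an added example, not part of the original message, that measures both on a toy hash. It assumes SHA-256 truncated to 16 bits as a stand-in (not MD4 or MD5) so both searches finish in seconds; all names and sample strings are constructed for illustration.

```python
import hashlib
from itertools import count

BITS = 16  # toy digest size (assumption), small enough to brute-force in seconds

def toy_hash(msg: bytes) -> int:
    """First BITS bits of SHA-256; a stand-in weak hash, not MD4 or MD5."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") >> (256 - BITS)

def find_collision(prefix: bytes = b"draft-"):
    """Collision search: the searcher chooses BOTH messages, so any two
    candidates sharing a digest will do (birthday bound, about 2^(BITS/2))."""
    seen = {}
    for tries in count(1):
        msg = prefix + str(tries).encode()
        h = toy_hash(msg)
        if h in seen:
            return seen[h], msg, tries
        seen[h] = msg

def find_second_preimage(signed: bytes, prefix: bytes = b"forged-",
                         limit: int = 2_000_000):
    """Second-preimage search: the digest is fixed by a document someone
    else already signed, so each candidate matches with chance 2^-BITS."""
    target = toy_hash(signed)
    for tries in range(1, limit + 1):
        msg = prefix + str(tries).encode()
        if msg != signed and toy_hash(msg) == target:
            return msg, tries
    return None, limit

if __name__ == "__main__":
    a, b, c_tries = find_collision()
    print(f"collision after {c_tries} hashes: {a!r} / {b!r}")
    signed = b"constructed sample: I owe Bob 10 dollars"
    forged, p_tries = find_second_preimage(signed)
    print(f"second preimage after {p_tries} hashes: {forged!r}")
    print(f"expected work: ~2^{BITS // 2} vs ~2^{BITS} hashes")
```

The gap between the two counts grows with digest size: for an ideal n-bit hash the generic costs are about 2^(n/2) and 2^n hash evaluations respectively.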





