From: Steve Reid <root@edmweb.com>
To: Andrew.Tridgell@anu.edu.au
Message Hash: 2f20cda67e9ae4b862ebaf76c9e66f45f547f71c8b147d04920ce4dedcf2d1d7
Message ID: <Pine.BSF.3.91.960629200514.626A-100000@bitbucket.edmweb.com>
Reply To: <96Jun30.105019+1000est.65036-6357+785@arvidsjaur.anu.edu.au>
UTC Datetime: 1996-06-30 07:08:49 UTC
Raw Date: Sun, 30 Jun 1996 15:08:49 +0800
From: Steve Reid <root@edmweb.com>
Date: Sun, 30 Jun 1996 15:08:49 +0800
To: Andrew.Tridgell@anu.edu.au
Subject: Re: rsync and md4
In-Reply-To: <96Jun30.105019+1000est.65036-6357+785@arvidsjaur.anu.edu.au>
Message-ID: <Pine.BSF.3.91.960629200514.626A-100000@bitbucket.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain
> > MD4 is not strong- people can deliberately produce files with the same
> > hash in a matter of minutes. MD5 is secure for now, but it seems to be
> > gradually falling to cryptanalysis, and should be phased out of use before
> > it breaks. IMO the best hash algorithm is SHA1 (which is an updated
> > version of the original SHA). Do a web search for "FIPS PUB 180-1" for the
> > specs.
>
> Do you have references to the md4 collision stuff? The situation I
> have is a bit unusual so its just possible some of the results may
> apply.
Sorry, I was actually thinking of two-pass Snerfu that can be collided in
a matter of minutes... I'm fairly certain that MD4 is collidable, but I
don't remember where I read that, and I'm not sure how much time it would
take.
I'm quite certain that MD4 will not collide by accident, so it would
probably be okay for you.
=====================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/) |
| Email: steve@edmweb.com Home Page: http://www.edmweb.com/steve/ |
| PGP (2048/9F317269) Fingerprint: 11C89D1CD67287E68C09EC52443F8830 |
| -- Disclaimer: JMHO, YMMV, TANSTAAFL, IANAL. -- |
===================================================================:)
Return to June 1996
Return to “Steve Reid <root@edmweb.com>”