From: "Mark M." <markm@voicenet.com>
Date: Mon, 1 Jul 1996 15:46:26 +0800
To: Mike Duvos <mpd@netcom.com>
Subject: Re: rsync and md4
In-Reply-To: <199606301849.LAA23313@netcom18.netcom.com>
Message-ID: <Pine.LNX.3.94.960630163222.827B-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 30 Jun 1996, Mike Duvos wrote:

> Has MD5 been broken again?  Or are you referring to that little
> collision problem which is unlikely to affect the security of the
> typical real life application?

The point isn't whether MD5 can be attacked in a "real life" application, but
that there is a flaw in MD5.  This means that it is weaker than an algorithm
like SHA that has no known cryptanalytical attacks against it.  Besides, a
hashing algorithm with a 128-bit output can be broken as easily as a 64-bit
encryption key.  MD5 shouldn't be used for that reason alone.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"Freedom is the freedom to say that two plus two make four.  If that
is granted, all else follows."  --George Orwell, _1984_


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMdblK7Zc+sv5siulAQHlCgP7BHta126r27mc0Xw9UKy4wnXhzu3AbRBM
QauVyh5hHvWKMJ7tXZEyDOtzvGCL3KalHCcXE7cfnybhOS6D+w9K/ZTafY0ASwP+
q6VHT1F3r0b616hL0wfp165X/qTVYKb4urWRU0p+hv9mQ0ET0ZoYpHJz66+7YJ5o
AcobTzBNQyk=
=oyfI
-----END PGP SIGNATURE-----