1996-07-01 - MD5 breaks, etc.

Header Data

From: “Perry E. Metzger” <perry@piermont.com>
To: cypherpunks@toad.com
Message Hash: 0a00c52bac4abbcbf8745c1632071254757ca3e90c71cc3a6f3373ca78d3f1a0
Message ID: <199607010408.AAA19179@jekyll.piermont.com>
Reply To: N/A
UTC Datetime: 1996-07-01 08:52:47 UTC
Raw Date: Mon, 1 Jul 1996 16:52:47 +0800

Raw message

From: "Perry E. Metzger" <perry@piermont.com>
Date: Mon, 1 Jul 1996 16:52:47 +0800
To: cypherpunks@toad.com
Subject: MD5 breaks, etc.
Message-ID: <199607010408.AAA19179@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



1) On the question of MD4, it has been demonstrated that one can
   generate multiple documents with the same hash -- an example was
   given in a paper a while back of two contracts, identical but for
   the dollar sum agreed to, with identical MD4 hashes. That
   demonstrates that MD4 is useless.

2) Hans Dobbertin on May 2nd released a short paper that circulated
   widely on the net describing collisions in the MD5 compression
   function. Several people have asked me for references on this. I
   cannot give you anything -- all I have is postscript of the
   document, which had not been published in any journal when I last
   checked. However, the result is widely known. MD5 is *not*
   something that should be trusted going forward, and I hope the next
   version of PGP uses SHA-1.

Perry




