1996-07-01 - MD5 breaks, etc.

Header Data

From: “John Hemming - CEO MarketNet” <johnhemming@mkn.co.uk>
To: cypherpunks@toad.com
Message Hash: 0bf89a4cee50ac799b2102d640a2107087a32877c046c107884503e46d846cf2
Message ID: <1996-Jul01-150540.1>
Reply To: N/A
UTC Datetime: 1996-07-01 21:01:24 UTC
Raw Date: Tue, 2 Jul 1996 05:01:24 +0800

Raw message

From: "John Hemming - CEO MarketNet"  <johnhemming@mkn.co.uk>
Date: Tue, 2 Jul 1996 05:01:24 +0800
To: cypherpunks@toad.com
Subject: MD5 breaks, etc.
Message-ID: <1996-Jul01-150540.1>
MIME-Version: 1.0
Content-Type: text/plain


Accepting for a moment that MD5 collisions have been identified.  From
a commercial aspect I am concerned to ensure the cryptographic security
of our ECheque system.

Just a thought on the use of MD5.  If two signatures are appended to the
same document both using MD5, but one either

  a) Signing all but the last octet of the message  ... or
  b) Signing the whole of the message and signature.

Would that not make the determination of useable collisions either
impracticable or impossible?

I must admit I am inclined to encode additionally the key components
of the message (amount paid, to whom) as well as the hash using a
Private Key encryption.  After all we have at least 60 octets of 
important data that can be encoded in this manner using one
simple encryption sequence, this can cover account credited and 
amount easily.  If someone can collision codge the description I am
not desperately concerned.

Alternately, could someone please point me at the SHA algorithm.







Thread