MD5 collisions

Posted Jun 16, 2005 6:48 UTC (Thu) by beejaybee (guest, #1581)
Parent article: MD5 collisions

"Given the number of practical attacks on MD5, it may be time to move to a Federal Information Processing Standards (FIPS) approved hash algorithm, such as SHA-256, or SHA-512."

Assuming we can be persuaded that these are fundamentally more secure. My guess is that rather less effort has been directed at breaking these than MD5 and SHA-1 given that there is less practical value in breaking them.

"Note that vulnerabilities have recently been found in SHA-1"

Sure.

But isn't there a fundamental point here - if we sign a document with both MD5 and SHA-1, it becomes at least several orders of magnitude harder to fabricate a forgery, and several orders of magnitude more than 8 hours is reasonably safe - maybe more so than a relatively unresearched, untried algorithm.

Fact of the matter is, whatever algorithm is used, the possibility of hash collisions can _never_ be discounted.


MD5 collisions

Posted Jun 24, 2005 20:29 UTC (Fri) by xorbe (subscriber, #3165)

That's what I said -- sign with 2 orthogonal hashes (vs doubling one algorithm's output).
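The scheme both commenters describe (signing with two independent hash algorithms rather than re-applying one algorithm to its own output) is easy to make concrete. The following is an added example, written for this page; it is not code from either commenter or from LWN. It uses Python's standard `hashlib` and `hmac` modules, and the message prefix `constructed message` and the truncation lengths are constructed for the toy demonstration only: real MD5 collisions require specially crafted blocks, so the demonstration truncates MD5 to 16 bits to let an ordinary birthday search find a colliding pair offline and then shows which construction inherits that collision.

```python
import hashlib
import hmac
from typing import Iterable, Tuple

# Two independent ("orthogonal") hash algorithms, as in the comments above.
ORTHOGONAL = ("md5", "sha1")


def combined_digest(data: bytes, algos: Iterable[str] = ORTHOGONAL) -> bytes:
    """Concatenate the digests of several independent algorithms.

    A forgery must collide under every algorithm at once, so a collision
    found for one of them alone does not yield a valid forgery.
    """
    return b"".join(hashlib.new(name, data).digest() for name in algos)


def doubled_digest(data: bytes, algo: str = "md5") -> bytes:
    """Apply one algorithm to its own output (the alternative xorbe rejects).

    If h(m1) == h(m2) then h(h(m1)) == h(h(m2)): the outer application
    inherits every collision of the inner one and adds nothing.
    """
    return hashlib.new(algo, hashlib.new(algo, data).digest()).digest()


def verify(data: bytes, expected: bytes, algos: Iterable[str] = ORTHOGONAL) -> bool:
    """Check a stored combined digest with a constant-time comparison."""
    return hmac.compare_digest(combined_digest(data, algos), expected)


# --- toy demonstration with truncated digests (constructed) ---------------
MD5_TRUNC = 2   # bytes of MD5 kept in the toy: 16 bits, so collisions are cheap
SHA1_TRUNC = 3  # bytes of SHA-1 kept in the toy


def truncated_md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()[:MD5_TRUNC]


def find_truncated_md5_collision(limit: int = 70000) -> Tuple[bytes, bytes]:
    """Birthday search for two distinct messages with equal truncated MD5.

    With only 65536 possible truncated values, the pigeonhole principle
    guarantees a collision before the limit is reached.
    """
    seen = {}
    for i in range(limit):
        msg = b"constructed message %d" % i  # constructed sample input
        tag = truncated_md5(msg)
        if tag in seen:
            return seen[tag], msg
        seen[tag] = msg
    raise RuntimeError("unreachable for limit > 65536")


def toy_combined(data: bytes) -> bytes:
    """Truncated MD5 || truncated SHA-1: the 'two orthogonal hashes' scheme."""
    return truncated_md5(data) + hashlib.sha1(data).digest()[:SHA1_TRUNC]


def toy_doubled(data: bytes) -> bytes:
    """MD5 applied to its own truncated output: the 'doubled' scheme."""
    return hashlib.md5(truncated_md5(data)).digest()[:MD5_TRUNC]


def demo() -> dict:
    """Find a single-hash collision and test each construction against it."""
    m1, m2 = find_truncated_md5_collision()
    return {
        "messages_differ": m1 != m2,
        "single_hash_collides": truncated_md5(m1) == truncated_md5(m2),
        "doubled_hash_collides": toy_doubled(m1) == toy_doubled(m2),
        "orthogonal_pair_collides": toy_combined(m1) == toy_combined(m2),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Running it shows the doubled construction collides whenever the inner hash does, while the concatenated pair separates the two messages. One caveat worth knowing when weighing the "orders of magnitude" estimate: Joux showed in 2004 that for iterated (Merkle-Damgård) hashes such as MD5 and SHA-1, finding a collision for the concatenation costs roughly that of the stronger component plus a small multiple of the weaker one, not the product of the two, so the gain is real but smaller than the digest lengths alone suggest.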

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds