![](https://seccdn.libravatar.org/avatar/6e5973805e5d37ba02cdd4eda79eee33.jpg?s=120&d=mm&r=g)
Hi!
--On Dienstag, 9. Juli 2002 15:37 +0200 Peer Stefan
[...]
p.s. : it exits a attack against md5, but i can't describe details at the moment, i ask my prof.
i really want to know more about this attack. please ask your professor and post the details ;-)
I forgot to post this to the list:
---------- Forwarded Message ----------
Date: Dienstag, 9. Juli 2002 15:50 +0200
From: Bastian Schmick
[...] p.s. : it exits a attack against md5, but i can't describe details at the moment, i ask my prof. __________________________________________________
In 1996 a german researcher found a way to produce "collisions" in the compression function of MD5 (in about 10 hours on a 100 MHz Pentium I), but IIRC could not extend this attack to the full algorithm. Details are here: http://www.rsasecurity.com/rsalabs/faq/3-6-6.html ftp://ftp.rsasecurity.com/pub/cryptobytes/crypto2n2.pdf <http://www.informatik.uni-mannheim.de/informatik/pi4/projects/Crypto/rgp/m d5/dobbertin.ps> This is a serious academic weakness of the algorithm, but surely nothing to worry about in practical applications. Attackers who have the required resources for this kind of attack will certainly be able to find completely different ways to compromise the security of your linux box. By the way: The same goes for DES. There has been no practical attack against the structure of the cipher. It is simply outdated, because a) it is very slow in software and b) it´s keysize is far too small to protect against brute force attacks with today´s computing power (I guess, that´s what you meant with "attack") Still, you need a considerable amount of computation to break DES and attackers might just as well find different ways to break into your system. Hope this helps. Greetings, Bastian. ---------- End Forwarded Message ----------