Martin Mielke wrote:
Hi all,
I'm sending this to both the users list and the off-topic one as it has a rather big impact:
http://hackaday.com/2008/12/30/25c3-hackers-completely-break-ssl-using-200-p...
"This attack is possible because of a flaw in MD5. MD5 is a hashing algorithm; each unique file has a unique hash." This is incorrect. A hash is not unique, as more than one file can have the same hash. This is well known and called a "collision" and results because a hash is a fixed length, for example 128 bits and is the result of an arbitrary length file. As soon as the original file exceeds 128 bits in length, you run out of available "unique" hashes. So, in fact, there are an infinite number files that have the same hash. The problem is finding one that matches. As is often the case, hashes can fall to brute force attacks, which is apparently what this is. The hard part of this is getting your hands on 200 PS3s. ;-) -- Use OpenOffice.org http://www.openoffice.org -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org