At 10:42 AM 10/24/95 -0400, Dr. Frederick B. Cohen wrote:
[...] uses an MD5 checksum which the members of this list seem to place unlimited trust in (incorrectly in my view, but that would be picking two nits with one keyboard entry).
Can you elaborate with facts on the supposed weakness of MD5?
I didn't say that there were any weaknesses in MD5, all I said was: "unlimited trust ... (incorrectly in my view...)"
...
[btw who talked about 'unlimited' trust?]
There has been no limit given by anyone on this list to the level of trust they place in MD5. Several people have posted (without contention) that MD5 is sufficiently trustworthy to trust billions of dollars in commerce to its being able to prevent a selected plaintext attack as alluded to above. If you think we should trust it, and you don't limit your assessment of trust, what other assumption should I make? If several people proclaim that trust and nobody stands up in disagreement, tacit agreement is my normal (although not necessarily justified) assumption.
The dear "Dr." Cohen strikes again:
It would appear that "Dr." Cohen continues to assume that this list appeared the moment he first posted, or that we love to type the same symbols over and over. This list places no more trust in MD5 than in IDEA--or RSA, for that matter. But since banks CURRENTLY trust RSA for billions of dollars in transactions (and, I believe with fairly small moduli) this trust is the usual trust of experience.
In fact there HAVE been discussions of the security of MD5 on this list--but since they occurred before the good "Dr." Cohen arrived, perhaps we should have them again for his sake. But since most of us tire of typing (and reading) endless explanations that we DON'T trust something absolutely, we don't. We also don't spend all of our time correcting slightly overgeneralized statements. And of course there is the small fact that quite a few people here believe that if anyone is foolish enough to place absolute trust in an algorithm, who are we to disabuse them?
But if "Dr." Cohen wishes to discuss the weaknesses of MD5, he should focus his attention on his preferred whipping dog--PGP. Some versions of PGP had an insecure implementation of MD5. But of course the "Dr." should know that an insecure implementation is very far from a demonstration that an algorithm is insecure.
Nathan Zook
---
Now installing Linux 3.0 or something...