
"David F. Ogren" writes:
I stand by my statements.
Then you have lost all your reputation with me. If you don't even have the integrity to admit that you are wrong, you are obviously not a reasonable source of information.
However, MD5 (and MD4) have not been completely cracked. The problems that you bring up have to do with situations where an active attacker develops a slightly different pair of documents with the same hash.
I believe that is "cracked" under most definitions of cryptographic hashes, Mr. Ogren. A cryptographic hash is supposed to be usable in a signature precisely because it is supposed to be computationally infeasible to find two documents with the same hash. Whether both documents are chosen by the attacker or only one is immaterial -- the property as stated is independent of that. As things stand, you can get someone to sign a contract saying "I agree to pay David F. Ogren $100" and turn it into one saying "I agree to pay David F. Ogren $2395.39" or some such. If that isn't "cracked" what would be "cracked"? Yes, it could be worse, but is this not far more than bad enough?
Although this is a highly undesirable characteristic for a hash function, and shows a weakness in the function that may eventually lead to its being completely cracked, it does not mean that a fraudulent document can be created from an already signed document.
Whatever you like, Mr. Ogren.

Perry
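The two situations the thread distinguishes, as an added example that is not part of the original messages: a search where both contracts may be varied (collision) and a search against one contract that is already signed and fixed (second preimage). It assumes a toy hash, MD5 truncated to 16 bits, so both searches finish instantly; the "(ref N)" suffix and all function names are constructed for illustration.

```python
import hashlib

BITS = 16  # assumption: toy digest size, NOT full MD5

BENIGN = "I agree to pay David F. Ogren $100"
FRAUD = "I agree to pay David F. Ogren $2395.39"

def h(text):
    """Toy hash: the top BITS bits of the MD5 digest."""
    digest = hashlib.md5(text.encode()).digest()
    return int.from_bytes(digest[:4], "big") >> (32 - BITS)

def variant(text, i):
    """Constructed variation: same meaning, different bytes."""
    return f"{text} (ref {i})"

def collision(table_size=1 << (BITS // 2), limit=1 << 20):
    """Both documents may be varied (birthday search)."""
    table = {}
    for i in range(table_size):
        doc = variant(BENIGN, i)
        table[h(doc)] = doc
    for tries in range(1, limit + 1):
        bad = variant(FRAUD, tries)
        good = table.get(h(bad))
        if good is not None:
            # total work = table build + lookups
            return good, bad, table_size + tries
    raise RuntimeError("no collision within limit")

def second_preimage(signed, limit=1 << 22):
    """The signed document is fixed; only the other one may be varied."""
    target = h(signed)
    for tries in range(1, limit + 1):
        bad = variant(FRAUD, tries)
        if h(bad) == target:
            return bad, tries
    raise RuntimeError("no second preimage within limit")

if __name__ == "__main__":
    good, bad, work = collision()
    print(f"collision after {work} hashes:\n  {good}\n  {bad}")
    bad2, work2 = second_preimage(BENIGN)
    print(f"second preimage after {work2} hashes:\n  {bad2}")
```

For an n-bit digest the first search costs on the order of 2^(n/2) hash evaluations and the second on the order of 2^n, which is the gap between the two positions taken in the thread.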