Dr. Frederick B. Cohen writes:
# MD5 [...] which the members of this list seem to place unlimited trust in
# (incorrectly in my view,

Laurent Demailly writes:
Can you elaborate with facts on the supposed weakness of MD5 ?

Remember the can-you-trust-PGP flamewar we had a few months ago ?

I believe Dr. Cohen's point is that no-one knows, AFAIK, how to prove that a one-way hash is truly one-way (uninvertible). We cannot prove that MD5 is secure, ergo we cannot (completely) trust it. [Please correct if this is a substantially incorrect inference.]

One of the standard responses is "it's the best we can do". When people said this about PGP, FBC made some (IMHO) interesting comments about the encryption he uses in various circumstances. Perhaps he would like to share his personal choices of one-way hash functions with us.

-Futplex <futplex@pseudonym.com>