-----BEGIN PGP SIGNED MESSAGE-----
"David F. Ogren" writes:
I stand by my statements.
Then you have lost all your reputation with me. If you don't even have the integrity to admit that you are wrong, you are obviously not a reasonable source of information.
At this point, I can see that we have agreed to disagree. Mr. Watt has kindly quoted the exact text from Dobbertin, which I did not have handy. Let the readers of this list decide for themselves in regards to the security of MD5. But I wanted to make two last comments before this thread (finally!) dies. 1. I think that you will agree that MD4 will work fine for Mr. Tridgell's program, irregardless of your criticisms. He specifically stated that he was not concerned about intentional collisions, only random ones. 2. (quoted from Mr. Perry in an article entitled "MD5 breaks, etc.")
checked. However, the result is widely known. MD5 is *not* something that should be trusted going forward, and I hope the next version of PGP uses SHA-1.
As I understand the current plans, PGP 3.0 _will_ incorporate a SHA option. In fact, I believe that there may already be "bootleg" versions that incorporate SHA. - -- David F. Ogren | ogren@concentric.net | "A man without religion is like a fish PGP Key ID: 0x6458EB29 | without a bicycle" - ------------------------------|---------------------------------------- Don't know what PGP is? | Need my public key? It's available Send a message to me with the | by server or by sending me a message subject GETPGPINFO | with the subject GETPGPKEY -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBMdfvtuSLhCBkWOspAQGkQwf5AQTJbqJ7YQOCSaLWK7qjn0Fr0AzF9Cyb Bd2WJcHisQZ4WxwPy41SF3uUNXvgyES11rfvqa7SoqDU1QuO4N3I8PZ5+zrlwDpI 2Yb/wHyQ2jPtCVSWCmoyZfbw7a9086wWbg+N4IDuefPdgI+SqNiYmQnEsrh1+f9T L2/gC6GLXFHtl68guYTGjI3XIgHcILWkqjuo19rzw+4NXAQ3kPxTaBLGcxuMYEPl E5IbuKZ3mN4CZIDTSSctr78cthsr79KgW5NwlBW5AcCkU1XnhALVTN0vNEf2tILN jl0BdVALNbkyFdTAE7/5z6pDcThgKR/68cRrTBTRFlq1WAadXAKV8w== =drZ2 -----END PGP SIGNATURE-----