
No, it was on the compression function, but not in any sense "reduced". But you had to start with particular values of the chaining variables, and in practice no-one knows how to do that, so MD5 (as a whole) isn't broken by this, at least until tomorrow evening. The rumour here is that MD5, HAVAL, and RIPE-MD are all goners. We know SHA-0 is toast too. There might also be results against SHA-1. Hash functions are hard.
What I've heard (also at CRYPTO right now like Greg) is that the four Chinese researchers (Wang, Fang, Lai, Yu) have found collisions in MD4, MD5, HAVAL, and RIPEMD. They state that SHA-0 collisions can be found as well. However, the collision they list for MD5 doesn't produce work because the Chinese translation of [MOV] had an error which caused an endianness problem. So they have a collision for a PARTICULAR IV. One of the four researchers is back in China, so they are on the phone trying to fix the problem for the announcement tomorrow evening.

However, they have announced nothing regarding SHA-1 or any of the larger-output SHA versions like SHA-256, etc. We haven't seen their methods yet, but one has to believe that their methods are fairly general given the range of hash functions they've attacked. This would SEEM to put the SHA family into jeopardy as well, but we should know more tomorrow evening.

John Black

[MOV] Menezes, van Oorschot, Vanstone; Handbook of Applied Cryptography, CRC Press.

--- end forwarded text

--
R. A. Hettinga <mailto: rah@ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'