At 08:33 AM 5/19/96 -0400, Robert Hettinga wrote:

At 9:41 PM -0400 5/18/96, Bill Stewart wrote:

...

MD5 is at least weakened, maybe broken; there's an abstract by Hans Dobbertin that says something about generating collisions, and gives an example (though the abstract doesn't say how general the method is.)

That's what I get for not reading the DSS stuff when it came out. I'd heard lots about the MD5 stuff, but I didn't put the two together.

It also looks like I'm behind in my reading. Time to buy another edition of Applied Cryptography...

It should occur to all of us that if the NSA was actually doing the job we are vastly over-paying them to do, it is THEY who should be finding, exposing, and correcting these kinds of cryptography faults. Has anybody ever heard any evidence that the NSA has ever acted in this sort of responsible role? Another question: If the government provided DSS, and it's now toast, and it provided Clipper... Somebody ought to ask The Wicked.... er... Dorothy Denning how she thinks we should be willing to trust the government's vetting of anything like Clipper when DSS may be flawed...and the government didn't find the error! Think about it. Jim Bell jimbell@pacifier.com