MD5 breaks, etc.
Perry E. Metzger
perry at piermont.com
Mon Jul 1 01:52:47 PDT 1996
1) On the question of MD4, it has been demonstrated that one can
generate multiple documents with the same hash -- an example was
given in a paper a while back of two contracts, identical but for
the dollar sum agreed to, with identical MD4 hashes. That
demonstrates that MD4 is useless.
2) Hans Dobbertin on May 2nd released a short paper that circulated
widely on the net describing collisions in the MD5 compression
function. Several people have asked me for references on this. I
cannot give you anything -- all I have is postscript of the
document, which had not been published in any journal when I last
checked. However, the result is widely known. MD5 is *not*
something that should be trusted going forward, and I hope the next
version of PGP uses SHA-1.
Perry