MD5 breaks, etc.
John Hemming - CEO MarketNet
johnhemming at mkn.co.uk
Mon Jul 1 14:01:24 PDT 1996
Accepting for a moment that MD5 collisions have been identified. From
a commercial aspect I am concerned to ensure the cryptographic security
of our ECheque system.
Just a thought on the use of MD5. If two signatures are appended to the
same document both using MD5, but one either
a) Signing all but the last octet of the message ... or
b) Signing the whole of the message and signature.
Would that not make the determination of useable collisions either
impracticable or impossible?
I must admit I am inclined to encode additionally the key components
of the message (amount paid, to whom) as well as the hash using a
Private Key encryption. After all we have at least 60 octets of
important data that can be encoded in this manner using one
simple encryption sequence, this can cover account credited and
amount easily. If someone can collision codge the description I am
not desperately concerned.
Alternately, could someone please point me at the SHA algorithm.
More information about the cypherpunks-legacy
mailing list