[geeklog-devel] FYI: md5 weakness found

Dirk Haun dirk at haun-online.de
Fri Aug 20 06:02:16 EDT 2004

For those who didn't see it: Apparently, md5 is a lot less secure than it
seemed. After some initial confusion, it has now been confirmed that a
way has been found to produce collisions in md5 much more efficiently
than before.

In other words, given enough time and the proper access, there is now a
more efficient way to come up with a pass phrase that has the same md5
checksum as the original password - without having to know that original

There's no need to panic, though, as even the new way still requires a
lot of computing power and retries which would be detected under normal
circumstances. We should, however, keep in mind not to use md5 in the
future and switch over to something else - as soon as the experts have
come up with a viable alternative.

A short summary is here:

To quote: "Where does this leave us? MD5 is fatally wounded; its use will
be phased out. SHA-1 is still alive but the vultures are circling. A
gradual transition away from SHA-1 will now start. The first stage will
be a debate about alternatives, leading (I hope) to a consensus among
practicing cryptographers about what the substitute will be."

Slashdot also carries the story:

bye, Dirk
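Added illustration (not part of Dirk's message, and not Geeklog code): the post talks about collisions and about matching a given password's checksum as if they were the same cost, and the reason the experts are not panicking yet is that they are not. Finding any two inputs with the same digest is a birthday problem, roughly 2^(n/2) hash evaluations for an n-bit hash, while finding an input that matches one fixed digest is a brute-force search of roughly 2^n. The toy below uses MD5 truncated to 20 bits (an assumption chosen so both searches finish in seconds; the truncation only makes the cost gap visible and says nothing about the structural weakness found in the real 128-bit MD5) and counts the trials each search takes on constructed, deterministic candidate strings.

```python
import hashlib
import math


def truncated_md5(data: bytes, bits: int) -> int:
    """Toy n-bit hash: the top `bits` bits of MD5(data)."""
    digest = int.from_bytes(hashlib.md5(data).digest(), "big")
    return digest >> (128 - bits)


def candidate(i: int) -> bytes:
    # Constructed, deterministic inputs so every run is reproducible.
    return b"candidate-%d" % i


def find_collision(bits: int, limit: int = 1 << 24):
    """Birthday search: hash candidates until two *different* inputs share
    an n-bit digest.  Returns (msg_a, msg_b, trials), or None if `limit`
    evaluations were not enough."""
    seen = {}  # digest -> first input that produced it
    for i in range(limit):
        m = candidate(i)
        h = truncated_md5(m, bits)
        if h in seen:
            return seen[h], m, i + 1
        seen[h] = m
    return None


def find_second_preimage(target: bytes, bits: int, limit: int = 1 << 25):
    """Brute force: search for an input other than `target` whose n-bit
    digest equals that of `target`.  Returns (msg, trials) or None."""
    want = truncated_md5(target, bits)
    for i in range(limit):
        m = candidate(i)
        if m != target and truncated_md5(m, bits) == want:
            return m, i + 1
    return None


def expected_costs(bits: int) -> dict:
    """Textbook estimates the two searches are expected to be close to."""
    return {
        "collision": math.sqrt(math.pi / 2 * 2 ** bits),  # birthday bound
        "second_preimage": 2.0 ** bits,                    # exhaustive search
    }


if __name__ == "__main__":
    BITS = 20
    a, b, coll_trials = find_collision(BITS)
    print("collision: %r and %r share digest %x after %d trials"
          % (a, b, truncated_md5(a, BITS), coll_trials))

    original = b"original password"  # constructed stand-in for a stored password
    m, pre_trials = find_second_preimage(original, BITS)
    print("second preimage of %r: %r after %d trials" % (original, m, pre_trials))

    est = expected_costs(BITS)
    print("expected: collision ~%.0f, second preimage ~%.0f"
          % (est["collision"], est["second_preimage"]))
```

Run as a script it prints both results and the trial counts; the collision typically turns up after about a thousand hashes, the second preimage after about a million, a factor the birthday bound predicts and that grows exponentially with the hash width. Note that it takes the collision search nothing at all to produce its pair, but the pair is two arbitrary strings, neither of which is anybody's password.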

