SecurityFocus

MD5 To Be Considered Harmful Someday Dec 06 2004 11:29PM
Dan Kaminsky (dan doxpara com) (3 replies)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 01:46AM
Joel Maslak (jmaslak antelope net) (2 replies)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 09:19PM
Jack Lloyd (lloyd randombit net)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 08:43PM
Jack Lloyd (lloyd randombit net)

MD5 To Be Considered Harmful Today Dec 08 2004 01:39AM
Pavel Machek (pavel ucw cz) (1 replies)

Re: MD5 To Be Considered Harmful Today Dec 08 2004 10:23PM
Dan Kaminsky (dan doxpara com) (1 replies)

Re: MD5 To Be Considered Harmful Today Dec 08 2004 10:40PM
Pavel Machek (pavel ucw cz) (1 replies)

Re: MD5 To Be Considered Harmful Today Dec 08 2004 10:36PM
Dan Kaminsky (dan doxpara com)

Re: MD5 To Be Considered Harmful Someday Dec 07 2004 10:54PM
Gandalf The White (gandalf digital net) (4 replies)

RE: MD5 To Be Considered Harmful Someday Dec 08 2004 04:01AM
David Schwartz (davids webmaster com) (2 replies)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 09:30PM
George Georgalis (george galis org) (1 replies)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 09:44PM
Dan Kaminsky (dan doxpara com)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 04:36AM
Gandalf The White (gandalf digital net) (3 replies)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 09:44PM
Keith Oxenrider (koxenrider sol-biotech com)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 09:17PM
Solar Designer (solar openwall com) (1 replies)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 10:03PM
Dan Kaminsky (dan doxpara com) (2 replies)

Re: MD5 To Be Considered Harmful Someday Dec 11 2004 07:26PM
Solar Designer (solar openwall com)

Re: MD5 To Be Considered Harmful Someday Dec 09 2004 01:47AM
Pavel Kankovsky (peak argo troja mff cuni cz)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 08:48PM
Paul Wouters (paul xtdnet nl) (2 replies)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 11:23PM
Adam Shostack (adam homeport org)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 08:52PM
Dan Kaminsky (dan doxpara com) (1 replies)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 09:05PM
Paul Wouters (paul xtdnet nl)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 01:51AM
Joel Maslak (jmaslak antelope net) (1 replies)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 07:22PM
Steve Friedl (steve unixwiz net)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 12:13AM
Tim (tim-security sentinelchicken org) (2 replies)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 09:35PM
Dragos Ruiu (dr kyx net)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 06:52PM
David F. Skoll (dfs roaringpenguin com)

On Tue, 7 Dec 2004, Tim wrote:

> Due to the slowness of public key, most digital signatures are
> performed on a digest of the original document.

I think it's time to change the way we do digital signatures to
compute several hashes of the original document using different
algorithms (SHA1, MD5, ...) and sign the concatenation of the resulting
digests. Does any standard signing software do this yet?

Also, it's probably a good idea to alter in some small and
unpredictable way anything that you're asked to sign. (Add some
spaces, add text like "Signed by David F. Skoll", etc.) This makes it
impossible to precompute two versions that hash to the same value,
though it's still not very good protection if it becomes easy to find
MD5 collisions.

Regards,

David.

[ reply ]

Re: MD5 To Be Considered Harmful Someday Dec 05 2004 11:04PM
Ruth A. Kramer (rhkramer fast net)