On Tue, 2007-10-23 at 07:22 +0200, Milan Crha wrote:
> Hi,
> they hacked MD5, not SHA1, about 2 years ago, and it's "only" for
> messages of size >= 1024 B. One Czech cryptographic guy made a program
> to create collision in about 8 seconds on a regular notebook. :)

Flaws started being found in MD5 over 10 years ago and came to a head in 2004 when collisions were found by Chinese researchers. A practical attack on X.509 certificates was demonstrated by Lenstra et al. in 2005. See http://en.wikipedia.org/wiki/Md5

> SHA1 still persists, as far as I know.

In every practical sense yes, however see http://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html

Basically, a flaw exists in SHA-1 (it's not collision-free) but currently there's no reasonable way to exploit it. However at some point it would be good to start moving away from SHA-1 in general applications, given the experience of MD5.

For email however, even a weak hash function is not necessarily the end of the world. Evo uses GPG hashes for digital signatures (you encrypt the hash with your secret key) so an attacker would need to decrypt the hash (easy), find a different message that produces the same hash, and then try to pass off the false message as true. The exploits found so far for hash functions don't do this. They consist in generating two random bitstrings that have the same hash. This is what "the Czech guy" did, i.e. his attack allows Alice to create two messages and claim she sent message B to Bob when in fact she sent message A (if this ever came before a judge, Bob would simply produce message A and show it has the same hash as message B, meaning Alice must have generated both of them).

As the main use of signatures in email is to detect forgery by a third party (e.g. spam), and so far no-one can produce a "reasonable" message that collides with another given message, I think we're OK for now :-)

poc

_______________________________________________
Evolution-list mailing list
Evolution-list@gnome.org
http://mail.gnome.org/mailman/listinfo/evolution-list
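
The distinction drawn in the reply above, between a signer who picks two colliding messages and a third party who must match one given message, is shown in this added example, which is not part of the original message. It assumes a toy 16-bit digest (truncated SHA-256) so that both searches finish quickly, uses HMAC as a stand-in for the GPG private-key operation, and all messages and the key are constructed.

```python
import hashlib
import hmac
from itertools import count

BITS = 16  # toy digest size (assumption); real MD5 is 128 bits, SHA-1 160

def weak_hash(msg: bytes) -> bytes:
    """SHA-256 truncated to BITS bits: a deliberately weak stand-in hash."""
    return hashlib.sha256(msg).digest()[: BITS // 8]

def sign(key: bytes, msg: bytes) -> bytes:
    """Hash-then-sign; HMAC stands in for the public-key operation."""
    return hmac.new(key, weak_hash(msg), hashlib.sha256).digest()

def verify(key: bytes, msg: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(key, msg), sig)

def find_collision():
    """Signer's position: free choice of BOTH messages (birthday search)."""
    seen = {}
    for i in count():
        msg = b"constructed message #%d" % i
        h = weak_hash(msg)
        if h in seen:
            return seen[h], msg, i + 1  # two distinct messages, hashes tried
        seen[h] = msg

def find_second_preimage(target: bytes):
    """Third party's position: must match the digest of ONE given message."""
    want = weak_hash(target)
    for i in count():
        msg = b"constructed forgery #%d" % i
        if msg != target and weak_hash(msg) == want:
            return msg, i + 1

if __name__ == "__main__":
    key = b"constructed demo key"
    a, b, n_coll = find_collision()
    sig = sign(key, a)
    print("collision after", n_coll, "hashes:", a, b)
    print("signature made on A verifies for B:", verify(key, b, sig))
    forged, n_pre = find_second_preimage(b"Pay Bob 10 EUR")
    print("second preimage after", n_pre, "hashes:", forged)
```

For an n-bit digest the birthday search costs about 2^(n/2) hashes and the second-preimage search about 2^n, which is why a collision result does not by itself let a third party forge a message someone else signed.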