David Schultz wrote:
> As a rather extreme example, suppose that it was discovered that on
> random input, an MD5 output only has 70 bits of entropy. Then
> it might be relatively easy for an adversary to recover sector
> keys without knowing the master key. (Granted, this would
> constitute a much stronger break in MD5 than is currently known.)
I'm not going to even touch the rest of this thread, but it is clear that MD5 has at least 100 bits of entropy, simply based on the lack of collisions resulting from hashing random data. (If you generate 2^n hashes randomly without finding a collision, then the hash must have at least ~2n bits of entropy, and organized attempts to crack MD5 generated at least 2^50 hashes before the algorithmic break was found.)

Colin Percival
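The birthday-bound argument in the reply above, worked through as an added example (not code from the thread or from either author): the rough 2n-bit estimate, a confidence-adjusted version of the same bound, and an empirical check using MD5 truncated to a small width to stand in for a low-entropy hash. The random inputs and the confidence level 2^-20 are constructed for illustration.

```python
# Added example: the birthday-bound argument from the reply above.
# If k random inputs hash without any collision, the output cannot have much
# less than 2*log2(k) bits of entropy: a b-bit space is expected to collide
# after about 2**(b/2) draws.
import hashlib
import math
import random


def collision_probability(samples: int, bits: int) -> float:
    """P(at least one collision) among `samples` uniform draws from 2**bits
    values, using the standard birthday approximation 1 - exp(-pairs/2**bits)."""
    pairs = samples * (samples - 1) / 2
    return 1.0 - math.exp(-pairs / 2.0 ** bits)


def rough_entropy_lower_bound(samples: int) -> float:
    """The back-of-the-envelope bound from the post: 2**n collision-free
    hashes imply roughly 2n bits of entropy."""
    return 2.0 * math.log2(samples)


def entropy_lower_bound(samples: int, alpha: float) -> float:
    """Smallest width b (bits) not rejected at confidence 1 - alpha: a b-bit
    output would survive `samples` draws collision-free with probability
    only alpha, so any smaller entropy is even less plausible."""
    pairs_log2 = math.log2(samples) + math.log2(samples - 1) - 1.0
    return pairs_log2 - math.log2(-math.log(alpha))


def first_collision(bits: int, max_samples: int, seed: int = 0):
    """Hash constructed random 16-byte inputs with MD5 truncated to `bits`
    bits (modelling a hash with only `bits` of output entropy). Return the
    number of inputs hashed when the first collision appears, or None if all
    `max_samples` outputs were distinct."""
    rng = random.Random(seed)  # seeded so the run is reproducible
    seen = set()
    mask = (1 << bits) - 1
    for count in range(1, max_samples + 1):
        data = rng.getrandbits(128).to_bytes(16, "big")
        digest = int.from_bytes(hashlib.md5(data).digest(), "big") & mask
        if digest in seen:
            return count
        seen.add(digest)
    return None
```

With 2^50 collision-free hashes the rough bound gives 100 bits and the confidence-adjusted bound at alpha = 2^-20 about 95 bits; a 16-bit truncation, by contrast, collides within a few hundred inputs.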