I just read this news that an MD5 collision can now be done by anyone in 45 minutes (avg) on a P4 1.6 GHz:

http://it.slashdot.org/article.pl?sid=05/11/15/2037232&threshold=-1&tid=172&tid=93&tid=228
http://www.stachliu.com.nyud.net:8090/collisions.html
MD5 as the standard for hashing is definitely history. All the more reason for sha256 and similar functions.

Ron

"Stefan Esser" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]
> Hello,
>
> > assuming this is true then the built-in session handler is pretty
> > vulnerable right now no?
> > one only has the choice of md5 or sha1 for the hashing mechanism of
> > the session handler's id
> > as far as I can see ... if php gets a sha256 in the core it would
> > possibly be a good thing
> > to make that available as an option for session.hash_function?
>
> I did not want to cause some "panic". MD5 and SHA1 are not completely
> broken yet. I think people usually only call a hash function completely
> broken when preimage attacks are possible. This means for a given
> startvector you can create some input to get a desired endvector. During
> the last year there have been various reports about much faster attacks
> in normal collision generation, which means the time needed to just
> try to find 2 collisions. (you never know how fast it will be possible
> in 1 year from now)
>
> The session handler on the other hand is not really vulnerable to this,
> even if there are preimage attacks. In the session handler MD5/SHA1 are
> merely used to convert a random number into some other format. Even if
> there are preimage attacks on MD5 and SHA1 the "security" of the session
> handler relies on not guessable random numbers.
> (However it would not be much work to use sha256 in the session
> extension as another option once it is in core)
>
> Stefan

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
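Two points in the quoted reply are easy to misread without numbers attached: that a collision attack (any two inputs with the same digest) is generically much cheaper than a preimage attack (an input for a given digest), and that a session id built as hash(random) is exactly as guessable as the random value, whichever digest is configured. The following is an added illustration written for this thread, not code from PHP's session extension or from either poster. It truncates MD5 to a small number of bits so that both generic attacks can be run in seconds, and it models the session handler as a plain "digest of a random value" with a constructed 16-bit weak source; the names `toy_digest`, `weak_random`, `recover_weak_seed` and the messages they hash are assumptions of the example.

```python
import hashlib
import hmac
import secrets
from itertools import count
from typing import Dict, Optional, Tuple

# --- Part 1: collision vs. preimage on a toy truncated digest ---------------
# Truncating MD5 to n bits makes the generic attacks cheap enough to run here.
# Birthday bound: a collision costs about 2^(n/2) hashes, a preimage about 2^n.
# (Toy construction for illustration; real MD5 attacks are structural, not brute force.)

N_BITS = 20


def toy_digest(data: bytes, n_bits: int = N_BITS) -> int:
    """MD5 truncated to its top n_bits, so brute force is feasible in a demo."""
    full = int.from_bytes(hashlib.md5(data).digest(), "big")
    return full >> (128 - n_bits)


def find_collision(n_bits: int = N_BITS) -> Tuple[bytes, bytes, int]:
    """Birthday search: any two distinct inputs with the same digest.
    Returns (m1, m2, number_of_hashes). Roughly 2^(n_bits/2) hashes."""
    seen: Dict[int, bytes] = {}
    for i in count():
        m = f"msg-{i}".encode()          # constructed, distinct inputs
        d = toy_digest(m, n_bits)
        if d in seen:
            return seen[d], m, i + 1
        seen[d] = m


def find_preimage(target: int, n_bits: int = N_BITS) -> Tuple[bytes, int]:
    """Preimage search: an input whose digest equals a fixed target.
    Returns (m, number_of_hashes). Roughly 2^n_bits hashes."""
    for i in count():
        m = f"pre-{i}".encode()
        if toy_digest(m, n_bits) == target:
            return m, i + 1


# --- Part 2: the session handler case ---------------------------------------
# Simplified model of the thread's point (not PHP's real code): the digest only
# re-encodes a random value, so the id carries no more entropy than that value.

def session_id(random_value: bytes, hash_function: str = "md5") -> str:
    """Hex id = digest(random_value); hash_function is md5/sha1/sha256 etc."""
    return hashlib.new(hash_function, random_value).hexdigest()


def weak_random(seed: int) -> bytes:
    """Constructed weak source: a 16-bit value such as a PID or coarse timestamp."""
    return seed.to_bytes(2, "big")


def strong_random() -> bytes:
    """128 bits from the OS CSPRNG; this is what the id's security rests on."""
    return secrets.token_bytes(16)


def recover_weak_seed(target_id: str, hash_function: str) -> Optional[int]:
    """Attacker needs neither a collision nor a preimage attack on the hash:
    with a 16-bit source, enumerating the 2^16 seeds recovers the id directly."""
    for seed in range(1 << 16):
        candidate = session_id(weak_random(seed), hash_function)
        if hmac.compare_digest(candidate, target_id):
            return seed
    return None


if __name__ == "__main__":
    m1, m2, n = find_collision()
    print(f"collision on {N_BITS}-bit digest after {n} hashes: {m1!r} {m2!r}")
    m, n = find_preimage(toy_digest(b"target"))
    print(f"preimage on {N_BITS}-bit digest after {n} hashes: {m!r}")

    victim = session_id(weak_random(31337), "sha256")
    print("sha256 id from a 16-bit seed recovered:", recover_weak_seed(victim, "sha256"))
    print("md5 id from 128 random bits:", session_id(strong_random(), "md5"),
          "(search space 2^128 regardless of the digest)")
```

Running it shows the collision landing after on the order of a thousand hashes and the preimage after on the order of a million, which is the gap the reply is describing. Swapping `"sha256"` for `"md5"` in the weak-seed case changes nothing about how fast the seed is recovered, and swapping the weak seed for `strong_random()` is what actually makes the id unguessable.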