On Tue, 4 Jul 2006 06:18:53 -0400 Chet Uber <[EMAIL PROTECTED]> wrote:
> > On Jul 4, 2006, at 3:00 AM, Gilles Chehade wrote: > > > Chet Uber wrote: > >> Theo, > >> > >> Also the last I checked obsd still supports MD5 > >> > >> CU > > Can you please explain why it should not ? > > Can you please find a collision for > > 3d16b4f76338838044b90ffae5e71cb5 ? > > 1. No, but you can certainly find the numerous citations on why it > is weak hash. > I know why it is a weak hash, I was not implying it was strong but it is still useful for many applications that still rely on it, for some protocols that use mixed hashes [md5/sha, ...]. Not to mention that a use coupled with salting for the master.passwd database isn't weak in my opinion. > 2. No, as you are not a customer, we do not have custody of the > machine, and I have no desire to play games or to potentially > provide you access to a machine that is not yours. > haha, that was a good one :) I *really* hoped you would paste a collision and prove me wrong ... And yeah I *do* know it is possible but I was trying to make sure it wasn't just "yet another crypto expert" talking ... > I never said it should not have MD5, although if you follow the > logic that removed telnet (as it should have been) then it should be > scheduled at sometime in the near future for removal. > read 1-, there is a difference between pro-active advocacy of new protocols to deprecate old ones, and removal of a key feature upon which many tools and protocols are still relying.
