On Wed, Sep 08, 2004 at 00:33:39 -0400, Tom Lane <[EMAIL PROTECTED]> wrote: > > I've been hearing rumblings that MD5 and all other known crypto > protocols are known vulnerable since the latest crypto symposiums. > (Not that we didn't all suspect the NSA et al could break 'em, but > now they've told us exactly how they do it.)
Things aren't currently that bad. So far people have found a way to find two strings that give the same hash using MD5. They haven't yet found a way to find a string which hashes to a given hash. SHA-0 was also shown to have some weakness. From comments I have read, I don't think SHA-1 was shown to have any weaknesses. One comment specifically mentioned that the change made between SHA-0 and SHA-1 seems to have been made to address the weakness found in SHA-0. I haven't read the source papers, so take this all with a grain of salt. ---------------------------(end of broadcast)--------------------------- TIP 8: explain analyze is your friend
