You miss the point. The situation in which the "panic" applies is that I have received a message, and I have a trusted MD5 checksum of the message originally sent. (In practice, the checksum is protected using public key cryptography.) The message I received hashes to the same MD5 checksum as that of the original message. How certain can I be that the message has not been altered in transit? If an attacker can find a collision in reasonable time, he can pad a modified (or completely different) version of the message such that it hashes to the original checksum, and I can no longer trust the message I received any more than I could without the checksum.

In other words, a cryptographic signature is worthless if the hashing function is weak. And it seems that MD5 has turned out to be weak. That doesn't make it entirely useless. There are many scenarios outside cryptographic signatures where it is still useful.

Makeshifts last the longest.

In reply to Re^2: MD5 - what's the alternative by Aristotle
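The verification scenario the post describes (a received message checked against a trusted digest), as an added Python example that is not part of the thread: the verifier carries the digest algorithm alongside the checksum and refuses to accept a match at all when the algorithm is on a weak list, since a matching MD5 value no longer proves the message is unaltered. The weak-algorithm list and the sample messages are assumptions constructed for the example.

```python
import hashlib
import hmac

# Hash functions the verifier refuses to trust for integrity or signature checks.
# MD5 is listed because collisions are findable in practical time (assumed policy).
WEAK_ALGORITHMS = {"md5", "sha1"}


def trusted_digest(message: bytes, algorithm: str) -> str:
    """Produce the checksum the sender would publish (e.g. inside a signed envelope)."""
    return hashlib.new(algorithm, message).hexdigest()


def verify_message(message: bytes, expected_digest: str, algorithm: str) -> bool:
    """Return True only if the digest matches AND the algorithm is still trusted.

    A matching digest from a collision-prone hash proves little, so the verifier
    rejects weak algorithms outright instead of reporting a (meaningless) match.
    """
    if algorithm.lower() in WEAK_ALGORITHMS:
        return False
    actual = hashlib.new(algorithm, message).hexdigest()
    # Constant-time comparison so the check does not leak how many bytes matched.
    return hmac.compare_digest(actual, expected_digest)


# Constructed sample data, not taken from the original thread.
ORIGINAL = b"transfer 10 coins to alice"
TAMPERED = b"transfer 10 coins to mallory"


def demo() -> dict:
    """Run the three cases the post contrasts and return the verifier's decisions."""
    md5_sum = trusted_digest(ORIGINAL, "md5")
    sha_sum = trusted_digest(ORIGINAL, "sha256")
    return {
        # Digest matches, but MD5 is rejected by policy -> False
        "md5_match_rejected": verify_message(ORIGINAL, md5_sum, "md5"),
        # Strong hash, untouched message -> True
        "sha256_accepted": verify_message(ORIGINAL, sha_sum, "sha256"),
        # Strong hash, altered message -> False
        "sha256_tampered": verify_message(TAMPERED, sha_sum, "sha256"),
    }


if __name__ == "__main__":
    print(demo())
```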