(Untitled)

[wxwill]

MD5 considered harmful today

A single attempt for constructing a chosen-prefix collision costs about a little more than a day.

Comments

[ww0308]

Heh, yeah, I read a couple of articles about that. That was a pretty awesome exploit.

http://blog.wired.com/27bstroke6/2008/12/berlin.html :

"Molnar says that the team pre-briefed browser makers, including Microsoft and the Mozilla Foundation, on their exploit. But the researchers put them under NDA, for fear that if word got out about their efforts, legal pressure would be brought to bear to suppress their planned talk in Berlin. Molnar says Microsoft warned Verisign that the company should stop using MD5.

Callan [Tim Callan, vice president of product marketing for Verisign] confirms Versign was contacted by Microsoft, but he says the NDA prevented the software-maker from providing any meaningful details on the threat. "We're a little frustrated at Verisign that we seem to be the only people not briefed on this," he says."