[CLUE-Tech] One Fish, Two Fish, Red Fish, Blowfish!

Jeremiah Stanley miah at miah.org
Sat Jan 12 14:16:41 MST 2002


> I'm curious...I thought that MD5 was shown to have some lack of
> randomness (I remember reading this about 1.5 years ago, I think) that
> may be exploited in some manner. And of course I don't have a cite for
> this. It may have been on Slashdot.

Well, the weakness you are referring to was discovered about four months 
after MD5 was proposed. There is some lack of entropy in the compression 
function of MD5, but it has never been proven to have a valid attack on the 
scheme. MD5 is very collision resistant, or the same hash will only occur 
in one in a few trillion random pairs of strings. Not likely to be anything 
that I send to you that you want to verify that transmission wasn't fubar.

> Of course, when/if quantum computers come about - current encryption
> and one-way hashes will look pretty weak, huh? :)

Not really. Quantum computing essentially could be described as 'massive 
parallelization'. Any cryptography can be brute-forced (other than the 
perfectly secure one-time pad, which will never ever be threatened) with 
enough time, storage space and processor beastliness. What you can do with 
quantum computing is try all 2^64 possible DES keys in a split second to 
see which one reveals sensible plaintext. I'm not an expert on quantum 
mechanics, so I should shut my mouth about it. But it really isn't that 
much of a threat, due to the fact that when people can break your 
conventional crypto, you'll be able to encipher using something of equal 
strength to quantum cryptanalysis, thereby rendering the problem null.

J
-- 
Give a man a match, and he'll be warm for a minute, but set him on fire, and
he'll be warm for the rest of his life.