[CLUE-Tech] One Fish, Two Fish, Red Fish, Blowfish!
Jeremiah Stanley
miah at miah.org
Sat Jan 12 14:16:41 MST 2002
> I'm curious...I thought that MD5 was shown to have some lack of
> randomness (I remember reading this about 1.5 years ago, I think) that
> may be exploited in some manner. And of course I don't have a cite for
> this. It may have been on Slashdot.
Well, the weakness you are referring to was discovered about four months
after MD5 was proposed. There is some lack of entropy in the compression
function of MD5 but it has never proven to have a valid attack on the
scheme. MD5 is very collision resistant, or the same hash will only occur
in one in a few trillion random pairs of strings. Not likely to be anything
that I send to you that you want to verify that transmission wasn't fubar.
> Of course, when/if quantum computers come about - current encryption
> and one-way hashes will look pretty weak, huh? :)
Not really. Quantum computing essentially could be described as 'massive
parallelization'. Any cryptography can be brute forced (other than the
perfectly secure one time pad, which will never ever be threatened) with
enough time, storage space and processor beastliness. What you can do with
quantum computing is try all 2^64 possible DES keys in a split second to
see which one reveals sensible plaintext. I'm not an expert on quantum
mechanics so I should shut my mouth about it. But, it really isn't that
much of a threat due to the fact that when people can break your
conventional crypto, you'll be able to encipher using something of equal
strength to quantum cryptanalysis thereby rendering the problem null.
J
--
Give a man a match, and he'll be warm for a minute, but set him on fire, and
he'll be warm for the rest of his life.