TriNetre - Archive for February 17, 2005
(no longer updated)
It looks like a practical real-world MD5 collision has been demonstrated. Robert J. Hansen writes in the PGP-Basic Yahoo groups:
Dan Kaminsky presented an MD5 collision attack at ShmooCon, by making the Shmoo homepage hash out to the same value as the NSA's homepage. This may be the first real-world practical demonstration of an MD5 collision.
Things continue to move quickly. It's an interesting time to be alive.
Warning: I'm going on firsthand accounts from people who were there, who have a history of being reliable sources. They may be in error about some details, though.
Found this gem on the PGP-Basics Yahoo groups:
> Hashes are not used for encryption.
You're right, they're used for file compression aren't they? By the way,
I recently compressed my 20MB thesis to a less then 1kb file with MD5.
Amazing ratio! Of course, for the sake of security I also deleted all
the uncompressed copies.
[]'s
Gustavo
