Hosting Provided By

Re: /dev/random and /dev/urandom

From: Poul-Henning Kamp <phk(at)phk.freebsd.dk>
Date: Sun May 11 2003 - 19:17:08 EDT

There is one current concern with MD5: over-ratio of collisions.

What this means is that it may be a bit too easy to find a MD5 input which generates a given MD5 output.

This has an impact where one uses MD5 in authentication schemes like:

	server			client
	-----------------------------------------------------------

	WHO ARE YOU ?
	(magic=234287234)
				Calculate MD5(password + 234287234)
				and send the result:
				abd344...

	Calculate MD5(password + 234287234)
	receive clients bid
	compare
	"they are identical, so the client knows the password"
	OK WELCOME!

In such a setting an over-ratio of collisions will at the very least reduce the probabilities and

In applications where MD5 is simply used as a bit-blender, this is of no concern.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

Received on Sun May 11 19:19:40 2003

This message: [ Message body ]
Next message: Martin Reindl: "config(8) manpage typo"
Previous message: Stephen Samuel: "Re: /dev/random and /dev/urandom"
In reply to: Stephen Samuel: "Re: /dev/random and /dev/urandom"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 13:29:57 EDT