Hosting Provided By

RE: MD5 Exploit Database?

From: Holt, Albert <Albert.Holt(at)dcfl.gov>
Date: Tue Feb 04 2003 - 07:35:54 EST

There are a number of reasons why it is prudent to calculate SHA-1 in addition to md5. They can be used to some degree to compare and validate each other's results. And what if some morning it is discovered that there is a fatal flaw in md5, and that the results cannot be trusted? You already have Plan B. Commodity compute power is cheap, as is storage for a bunch of 128/160 bit outputs.

al holt
NSIRC
-----Original Message-----

From: Simson L. Garfinkel [mailto:slg@ex.com] Sent: Saturday, January 25, 2003 9:30 AM To: Matt Scarborough; Simson L. Garfinkel Cc: Chris Reining; Mark G. Spencer; forensics@securityfocus.com Subject: Re: MD5 Exploit Database?

Matt,

Thanks for responding to this. Do you think that I should go ahead with the MD5 collection project? It doesn't seem like anything else is doing quite this thing, and I think that it would be useful.

Do you think that I shoudl collect both SHA-1 and MD5 codes?

This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com Received on Wed Feb 5 08:32:02 2003

This message: [ Message body ]
Next message: Christine Siedsma: "Re: Computer Forensic Books 2002 - 1Q*2003"
Previous message: Simson L. Garfinkel: ""known goods web service""
Maybe in reply to: Mark G. Spencer: "MD5 Exploit Database?"
Next in thread: raymond ip: "RE: MD5 Exploit Database?"
Reply: raymond ip: "RE: MD5 Exploit Database?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:43 EDT