Santiago Vila Doncel wrote:
> BTW: Just curiosity: I would be delighted to see two different files
> having the same md5sum. Do you have a simple example?
See http://www.ph.tn.tudelft.nl/~visser/hashes.html . Dobbertin's paper,
http://www.ph.tn.tudelft.nl/~visser/dobbertin.ps , shows an example [with a
different IV, but it still shows that MD5 is quite vulnerable].

SHA-1 was designed before Dobbertin's attack methods became public knowledge.
Three possibilities: it's vulnerable, it's not vulnerable by accident, or it's
not vulnerable because the authors had design criteria they didn't publish.
RIPEMD-160, OTOH, was written afterwards, specifically to be resistant to this
kind of attack (with Dobbertin one of its authors :-)

WRT space requirements: An attacker who tries to create two files with equal
hash functions for an n-bit hash only needs around 2^(n/2) operations if he
uses a so-called birthday attack, so the 128 bit of md5 only provide 64 bits
of "real" security. A 160 bit hash does sound much better (although I'd still
sleep more soundly with 256 bit, but there's no good 256 bit hash available at
the moment).

--
Thomas Koenig, [EMAIL PROTECTED], [EMAIL PROTECTED]
The joy of engineering is to find a straight line on a double logarithmic diagram.
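The 2^(n/2) birthday bound above, as an added worked example (not part of the original message or of any of the cited papers): an n-bit hash is simulated by keeping only the first n bits of MD5, and a collision is found by hashing constructed inputs "msg-0", "msg-1", ... until two of them agree. The number of trials comes out near sqrt(pi/2 * 2^n), i.e. on the order of 2^(n/2), whereas matching one fixed target (a second preimage) needs on the order of 2^n trials. The input format and the truncation are assumptions made for this illustration only; real MD5 collisions use structural attacks, not brute force.

```python
import hashlib
import math


def truncated_md5(data: bytes, bits: int) -> int:
    """First `bits` bits of MD5(data) as an integer: a stand-in for an n-bit hash."""
    digest = hashlib.md5(data).digest()
    return int.from_bytes(digest, "big") >> (128 - bits)


def expected_birthday_trials(bits: int) -> float:
    """Expected number of random inputs until the first collision of an n-bit hash.
    This is sqrt(pi/2 * 2^n), which is about 1.25 * 2^(n/2)."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


def birthday_collision(bits: int, prefix: bytes = b"msg-"):
    """Find two distinct inputs with the same truncated hash (birthday attack).

    Inputs are the constructed strings prefix + counter (an assumption for this
    demo). Returns (trials, input_a, input_b). Memory grows with the number of
    trials, which is the usual cost of the naive birthday search.
    """
    seen = {}
    i = 0
    while True:
        m = prefix + str(i).encode()
        h = truncated_md5(m, bits)
        if h in seen:
            return i + 1, seen[h], m
        seen[h] = m
        i += 1


def second_preimage(target: bytes, bits: int, prefix: bytes = b"alt-"):
    """Find a different input whose truncated hash equals that of `target`.

    Unlike the birthday search this has to hit one specific value, so it needs
    about 2^n trials instead of 2^(n/2). Returns (trials, input).
    """
    want = truncated_md5(target, bits)
    i = 0
    while True:
        m = prefix + str(i).encode()
        if m != target and truncated_md5(m, bits) == want:
            return i + 1, m
        i += 1


if __name__ == "__main__":
    n = 32
    trials, a, b = birthday_collision(n)
    print(f"{n}-bit collision after {trials} trials "
          f"(expected ~{expected_birthday_trials(n):.0f}, 2^(n/2) = {2 ** (n // 2)})")
    print(f"  {a!r} and {b!r} both start with {truncated_md5(a, n):08x}")

    n = 16
    trials, m = second_preimage(b"hello", n)
    print(f"{n}-bit second preimage of b'hello' after {trials} trials "
          f"(2^n = {2 ** n}): {m!r}")
    print(f"128-bit birthday bound: ~{expected_birthday_trials(128):.3e} "
          f"(2^64 = {2 ** 64:.3e})")
```

Running it shows the 32-bit collision arriving after tens of thousands of MD5 calls rather than billions, which is exactly why a 128-bit digest only buys 64 bits of collision resistance; the same code with `bits` set to 128 would never finish, but the arithmetic in `expected_birthday_trials` gives the 2^64 figure quoted above.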