Colin Plumb wrote:

> Actually, MD5 is still holding up, but Dobbertin has indeed dented it.
> Frankly, it would take a *hell* of a determined attacker to manage
> to turn it into a successful security exploit if it's used for
> file checksums.

I agree here. Still, it's probably better to move away from MD5 if there are no serious consequences in doing so. We don't know the current state of the art in cracking secure hashes, and for some applications, like the web of trust for PGP keys, MD5 should already be considered inappropriate.

> SHA's GFSR implementation means that any two inputs will have a large
> Hamming distance in the scheduled key, i.e. lots of rounds will have
> their keys altered. The "bug fix" in SHA-1 further increases this
> tendency. Is anybody aware of WHAT attack this fix was against?

> I have no fear of RIPEMD-160; it's certainly strong, but it's also
> slower than necessary and has more unproven techniques, and I don't
> quite see the reason to put up with that.

Using the reference you provided, I got around three Megabytes/CPU second on a P133 with RIPEMD-160 (using pgcc -O6, I confess :-)

How fast is SHA-1 in comparison?

-- 
Thomas Koenig, [EMAIL PROTECTED], [EMAIL PROTECTED]
The joy of engineering is to find a straight line on a double logarithmic diagram.
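A throughput comparison of the kind asked for above, added here as an example (it is not code from the original thread): it first checks each digest against its published "abc" test vector, so a mis-built library is caught before any timing is trusted, then measures MB/s with Python's hashlib. The algorithm names, buffer size and round count are my assumptions.

```python
import hashlib
import time

# Constructed test input (not real data): a 1 MiB buffer hashed repeatedly.
BUF = bytes(range(256)) * (1024 * 1024 // 256)

# Published known-answer vectors for the message "abc".
VECTORS = {
    "md5": "900150983cd24fb0d6963f7d28e17f72",
    "sha1": "a9993e364706816aba3e25717850c26c9cd0d89d",
    "ripemd160": "8eb208f7e05d987a9b044a8e98c6b087f15a0bfc",
}

def available(name):
    """True if this OpenSSL build can construct the digest.
    RIPEMD-160 sits in OpenSSL 3's legacy provider and may be missing."""
    try:
        hashlib.new(name)
        return True
    except ValueError:
        return False

def digest_hex(name, data):
    return hashlib.new(name, data).hexdigest()

def self_check(name):
    """Verify the implementation against the known vector before benchmarking."""
    return digest_hex(name, b"abc") == VECTORS[name]

def throughput_mb_s(name, rounds=8):
    """Megabytes of input hashed per wall-clock second for one algorithm."""
    start = time.perf_counter()
    for _ in range(rounds):
        hashlib.new(name, BUF).digest()
    elapsed = time.perf_counter() - start
    return (len(BUF) * rounds / 1e6) / elapsed

def compare(names=("md5", "sha1", "ripemd160")):
    """Return {algorithm: MB/s} for every supported algorithm that passes its vector."""
    return {n: throughput_mb_s(n) for n in names if available(n) and self_check(n)}

if __name__ == "__main__":
    for name, rate in compare().items():
        print(f"{name:10s} {rate:8.1f} MB/s")
```

Absolute numbers depend on the machine and OpenSSL build; the ratio between algorithms is the useful part.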