welcome to “collision is not pre-image” day

If you start your day with slashdot (the informational equivalent of a Snickers-and-Skittles breakfast, IMO, but that’s for another day) or know someone who does, you’re probably aware that “something bad happened to MD5 today“. If you’re not, odds are good you don’t need to really care about it very much, so you can move to the next post in your feed reader.

There are a number of places you can go for a good explanation of what the significance of the MD5 attacks are, which should be a prerequisite for commenting on the effects of making those attacks faster (that’s today’s news; source for a long-known attack made public). It is not, however, so the internets are all atwitter about attacks on MD5-hashed passwords (still fine), software verification (still largely fine, other than bait-and-switching for some edge cases), certificate authorities (could be some really nasty baits-and-switches here), and P2P network poisoning (right in the jimmy).

If you are the sort of person who actually reads to understand before writing to inform, you should probably block off 30 minutes or so for explaining to the breathless around you what actually happened today, and what the attacks really represent in practical terms. (In theoretical terms, they are indeed a mortal blow, but there has been no shortage of such blows for MD5 and SHA-1 for a while now. Anyone building new crypto-using systems, or maintaining existing ones, has been moving to other hash functions for a while, or should have been.)

4 comments to “welcome to “collision is not pre-image” day”

  1. jhermans
    entered 16 November 2005 @ 12:16 pm

    Since I’m the MD5 contact person for my company, I wholeheartedly agree with this post. I get mails from all over the place (bosses, co-workers but also clients), who “helpfully” suggest that MD5 should be replaced in RADIUS, Digest, Digest-AKA, HMAC-MD5, EAP-TLS, … wherever it is used “because it has been hacked”. Yeah right.

    My boss (clueless) suggested even that I should use RC5, but I don’t think so. He should read (yes, that’s my name in the 3th paragraph).

  2. jhermans
    entered 16 November 2005 @ 12:19 pm
  3. entered 17 November 2005 @ 1:41 am

    I agree I am telling my Boss to read this.

  4. entered 18 November 2005 @ 3:03 pm

    What about Tiger? :)

    ~Grauw