
Re: MD5 warning



* David Shaw wrote:
> On Sat, Aug 21, 2004 at 09:23:13PM +0000, Lutz Donnerhacke wrote:
>> Not necessary. All known attacks do not impose a direct risk to MD5-based
>> OpenPGP issues.
>
> True, but would you recommend using MD5 these days?

No. I won't recommend any hash solely based on bit-logic and modular
arithmetic these days.

> The time to deprecate it is before it is completely broken, and the
> attacks do pose a direct risk.

OpenPGP recommends SHA1. I'm feeling bad with this, but this is not the
subject of discussion.

> MD5 showed some signs of weakness a few years ago.  A few days ago, it
> showed some pretty serious problems.  Let's let it go now while it is
> relatively easy to do so.

MD5 shares some weaknesses with other hash algorithms. Don't blame MD5 alone.

> In section 9.4, add a note indicating that hash algorithm 1 is MD5,
> but MD5 is deprecated, and SHOULD NOT be used.

So please add "SHA1 MAY NOT be used."