Re: [OPSEC] Further MD5 breaks

Joel Jaeggli <joelja@bogus.com> Wed, 31 December 2008 05:46 UTC

Hehm, I've been waiting for this message to arrive since early this
morning. I think the salient point, which I made before, is that if MD5
is in the toolbox, someone, somewhere will use it for something
inappropriate.

Does that affect the problem at hand? Maybe, maybe not.

It is possible, I believe, to create a scenario where the potential for a
hash collision is either temporally or practically irrelevant.

As a community I think we've been less pro-active than we should have
been, but being deliberate is still the order of the day.

joel

Vishwas Manral wrote:
> Hi folks,
> 
> There is an interesting discussion on the saag list about "Further MD5
> breaks: Creating a rogue CA certificate".
> 
> http://www.ietf.org/mail-archive/web/saag/current/msg02368.html .
> There are some mails about the relative strengths of SHA related to
> MD5 in that environment.
> 
> Thanks,
> Vishwas
> _______________________________________________
> OPSEC mailing list
> OPSEC@ietf.org
> https://www.ietf.org/mailman/listinfo/opsec
> 