Cocoa mail archive
Re: [NSPipe pipe] returning nil (running out of filehandles?)
FROM : John Stiles
DATE : Wed Apr 02 18:19:15 2008
John Stiles wrote:
> Jens Alfke wrote:
>>
>>
>> Also, you're aware that MD5 shouldn't be used for anything
>> security-related anymore? Last I heard it's pretty close to being
>> fully broken. SHA-1 is a lot more secure, and has a larger output
>> which itself makes collisions less likely.
>
> "Fully broken"? I don't know about that. Simpler variants—I think it
> was MD4?—have some kind of non-threatening attacks, e.g. the keyspace
> for finding a packet with the same signature is several powers of 2
> less than the full keyspace. But the matching packet will basically be
> identical except a handful of bits are flipped. And AFAIK nobody is
> even remotely close to finding a technique which would let you write
> arbitrary data and then tack on a few bytes to get the signature you
> want, and that's what I'd call "fully broken," at least that's what
> you'd need to find in order to make an exploit. Nobody has done any of
> this for real MD5 yet as far as I know. (In fact, I am not sure that
> anyone has found any two packets that generate an identical MD5
> signature!)
>
> If you are not CPU bound, SHA-1 is probably better anyway, but don't
> feel obligated to use it if it turns out to be a performance concern.
> I think it's going to be quite some years before we see a viable
> approach for hacking MD5 in such a way that it would create an actual
> security concern.
I take it all back; in 2007 there was an MD5 attack discovered which
actually allows for completely different binaries that sign the same.
Check Wikipedia for the details, but basically MD5 is totally broken
now. Wow, times change!!
SHA-1 it is, if security is a concern.
DATE : Wed Apr 02 18:19:15 2008
John Stiles wrote:
> Jens Alfke wrote:
>>
>>
>> Also, you're aware that MD5 shouldn't be used for anything
>> security-related anymore? Last I heard it's pretty close to being
>> fully broken. SHA-1 is a lot more secure, and has a larger output
>> which itself makes collisions less likely.
>
> "Fully broken"? I don't know about that. Simpler variants—I think it
> was MD4?—have some kind of non-threatening attacks, e.g. the keyspace
> for finding a packet with the same signature is several powers of 2
> less than the full keyspace. But the matching packet will basically be
> identical except a handful of bits are flipped. And AFAIK nobody is
> even remotely close to finding a technique which would let you write
> arbitrary data and then tack on a few bytes to get the signature you
> want, and that's what I'd call "fully broken," at least that's what
> you'd need to find in order to make an exploit. Nobody has done any of
> this for real MD5 yet as far as I know. (In fact, I am not sure that
> anyone has found any two packets that generate an identical MD5
> signature!)
>
> If you are not CPU bound, SHA-1 is probably better anyway, but don't
> feel obligated to use it if it turns out to be a performance concern.
> I think it's going to be quite some years before we see a viable
> approach for hacking MD5 in such a way that it would create an actual
> security concern.
I take it all back; in 2007 there was an MD5 attack discovered which
actually allows for completely different binaries that sign the same.
Check Wikipedia for the details, but basically MD5 is totally broken
now. Wow, times change!!
SHA-1 it is, if security is a concern.
