[erlang-questions] wow: MD5 broken

Per Hedeland per@REDACTED
Mon Dec 3 11:07:34 CET 2007

Alceste Scalas <alceste@REDACTED> wrote:
>Il giorno sab, 01/12/2007 alle 13.44 +0100, Per Hedeland ha scritto:
>> "Joe Armstrong" <erlang@REDACTED> wrote:
>> >
>> >MD5 is really broken - gulp see
>> >
>> >http://www.win.tue.nl/hashclash/SoftIntCodeSign/
>> "Broken" is a too strong word - for any value produced by any hashing
>> method, there will obviously be an infinite number of different inputs
>> that produce the same value - the question is how hard it is to find
>> them.
>Well, in the case of MD5, the word "broken" is not that strong IMHO.
>For example, you can create your own md5-colliding executables [snip]

Yes, this is basically what the originally referenced paper discusses.
The point is, as I described in the part of my message that you snipped,
that this is not how you use md5 (or any other hash) for integrity
checking. Both you and earlier Michael Regen (about the "funny"
application invented by the guys that wrote the paper) use the word
"example" - and I have to wonder, example of what? Can either of you
point to any real-world application where the possibiliy to modify two
inputs such that they produce the same hash actually is a problem *per

By the way, this discussion really doesn't have much to do with Erlang,
I'm not sure why Joe posted here in the first place - except for one
thing that hasn't even been mentioned yet: The Erlang distribution
mechanism uses md5 in the authentication process. Of course it isn't
"broken" (yet) either, but changing to a "better" hash function is
obviously a good idea. Then again, everyone seems to think that the
Erlang distribution is inherently unsafe anyway (for reasons that aren't
obvious to me at least)...

--Per Hedeland

More information about the erlang-questions mailing list