The reporter got mixed up. Antoine Joux published a SHA-0 collision, while the Chinese researchers, Xiaoyun Wang and co. put out the paper on collisions in MD5, MD4, HAVAL, and full RIPEMD. A copy can be found here: http://eprint.iacr.org/2004/199.pdf This is the second version, after they used the wrong IV's initially. They plan to release a more detailed version in the near future. I wouldn't just wave off the attack; they seem to be able to find collisions fairly quickly. For more info see recent posts on: http://www.mail-archive.com/cryptography%40metzdowd.com/ -- George F. Costanzo <[email protected]> PGP Fingerprint: 1E4F 09F2 D637 B917 8D61 0413 4FBC 7DB0 1407 2B6D > -----Original Message----- > From: [email protected] [mailto:owner-freebsd- > [email protected]] On Behalf Of David Wolfskill > Sent: Thursday, August 19, 2004 3:24 AM > To: [email protected] > Subject: Report of collision-generation with MD5 > > Just got a pointer to this via ACM "TechNews Alert" for today: > > http://www.acm.org/technews/articles/2004-6/0818w.html#item2 > > Seems that "... French computer scientist Antoine Joux reported on > Aug. 12 his discovery of a flaw in the MD5 algorithm, which is often > used with digital signatures...." > > There's more in the article cited above. > > Peace, > david > -- > David H. Wolfskill [email protected] > Evidence of curmudgeonliness: becoming irritated with the usage of the > word "speed" in contexts referring to quantification of network > performance, as opposed to "bandwidth" or "latency." _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"