
March 9, 2005

MD5/SHA-1 slides

I'll be talking about the status of MD5/SHA-1 at Thursday's IETF Open Security Area Meeting. Here are my slides. BTW, using LaTeX for slides is a lot less bad than I expected.

UPDATE 3/14/05: I've uploaded the slides I actually gave, incorporating some comments from Cypherpunk and Paul Hoffman.

Posted by ekr at March 9, 2005 6:07 AM

Comments

That looked good. You're missing a right parenthesis at the end of the HMAC definition. Also, the comment that finding a colliding HMAC is "doubly difficult because inner and outer prefixes are different" is not right; it is only necessary to find a collision using the inner prefix, and then it will automatically be a collision for the outer prefix, because the outer prefix is applied to the hash output from the inner hash, not the message itself.

Posted by: Cypherpunk at March 9, 2005 10:01 AM
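The inner/outer prefix point in the comment above, as an added example that is not part of the original post or its comments: HMAC is built by hand per RFC 2104, checked against Python's `hmac` module, and then run over a deliberately weak constructed hash to show that two messages with equal inner hashes get identical tags. Assumptions: `toy_hash` (SHA-256 truncated to 24 bits), the demo key and all function names are made up for illustration, and the search is given the key, which a real forger would not have.

```python
import hashlib
import hmac as std_hmac
from itertools import count

BLOCK = 64  # hash block size in bytes (MD5, SHA-1 and SHA-256 all use 64)
KEY = b"constructed demo key"  # constructed sample key

def toy_hash(data: bytes) -> bytes:
    """Constructed weak hash: SHA-256 truncated to 24 bits so collisions are cheap."""
    return hashlib.sha256(data).digest()[:3]

def full_hash(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def pads(key: bytes, h):
    """Return (K xor ipad, K xor opad) as defined in RFC 2104."""
    if len(key) > BLOCK:
        key = h(key)
    key = key.ljust(BLOCK, b"\x00")
    return bytes(b ^ 0x36 for b in key), bytes(b ^ 0x5C for b in key)

def inner(key: bytes, msg: bytes, h) -> bytes:
    """Inner hash: H((K xor ipad) || msg). Only this step sees the message."""
    return h(pads(key, h)[0] + msg)

def hmac_manual(key: bytes, msg: bytes, h) -> bytes:
    """Outer hash: H((K xor opad) || inner). It sees only the inner digest."""
    return h(pads(key, h)[1] + inner(key, msg, h))

def matches_stdlib(key: bytes, msg: bytes) -> bool:
    """Sanity check: the manual construction agrees with the standard library."""
    expected = std_hmac.new(key, msg, hashlib.sha256).digest()
    return hmac_manual(key, msg, full_hash) == expected

def find_inner_collision(key: bytes, h):
    """Birthday search over constructed messages for two equal inner hashes."""
    seen = {}
    for i in count():
        msg = b"constructed-message-%d" % i
        digest = inner(key, msg, h)
        if digest in seen:
            return seen[digest], msg
        seen[digest] = msg

def demo():
    m1, m2 = find_inner_collision(KEY, toy_hash)
    return m1, m2, hmac_manual(KEY, m1, toy_hash), hmac_manual(KEY, m2, toy_hash)

if __name__ == "__main__":
    m1, m2, t1, t2 = demo()
    print(m1, m2, t1.hex(), t2.hex())
```

Because the outer hash takes only the inner digest as input, no second collision search is needed once the inner hashes agree.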

Cypherpunk. Good catches. I plead lack of sleep for the "doubly difficult" error.

Posted by: EKR at March 9, 2005 11:06 AM

I heard today that the Wang MD5 paper is out, plus a paper by Klima with a potential speedup on her attack. See http://cryptography.hyperlink.cz/MD5_collisions.html.

Posted by: Cypherpunk at March 11, 2005 10:58 AM

There's a rather alarmist article on page 1 of today's Wall Street Journal on hash collisions. Looks like they haven't read ekr's slides.

Posted by: Jim Fenton at March 15, 2005 8:24 AM