Report of collision-generation with MD5
Borja Marcos
borjamar at sarenet.es
Thu Aug 19 02:45:26 PDT 2004
> Someone I was talking to made a point of highlighting that this is
> what the Chinese Government is allowing to be published in this area
> of research. That's enough to make you wonder what they've
> discovered but not published...
There is a fine line between false sense of security and conspiranoia,
and when using *any* cryptographic system (which includes algorithms)
you must decide where to put your trust.
I think (this is a personal opinion) that such an important discovery
is really hard to keep secret. Since cryptography became a public
research area, it is quite likely for important discoveries to be
widely known.
Of course, researchers working for government agencies can keep their
discoveries secret, but bear in mind that an apparently "harmless"
Mathematics discovery can have a dramatic impact on cryptography.
Although the example is obvious, imagine an article with a title such
as: "A faster method to factorize integers constructed as the product
of two primes given the constraints...". It could have a dramatic
impact on the security of any system using the RSA algorithm.
Do you think it is so easy to filter Mathematics research reports?
This is the joy of basic research. In many cases (of course you know in
my example!) you don't really know what the practical
applications/consequences will be.
Borja.
More information about the freebsd-security
mailing list