Report of collision-generation with MD5

Borja Marcos borjamar at
Thu Aug 19 02:45:26 PDT 2004

> Someone I was talking to made a point of highlighting that this is
> what the Chinese Government is allowing to be published in this area
> of research.  That's enough to make you wonder what they've
> discovered but not published...

	There is a fine line between false sense of security and conspiranoia, 
and when using *any* cryptographic system (which includes algorithms) 
you must decide where to put your trust.

	I think (this is a personal opinion) that such an important discovery 
is really hard to keep secret. Since cryptography became a public 
research area, it is quite likely for important discoveries to be 
widely known.

	Of course, researchers working for government agencies can keep their 
discoveries secret, but bear in mind that an apparently "harmless" 
Mathematics discovery can have a dramatic impact on cryptography. 
Although the example is obvious, imagine an article with a title such 
as: "A faster method to factorize integers constructed as the product 
of two primes given the constraints...". It could have a dramatic 
impact on the security of any system using the RSA algorithm.

	Do you think it is so easy to filter Mathematics research reports? 
This is the joy of basic research. In many cases (of course you know in 
my example!) you don't really know what the practical 
applications/consequences will be.


More information about the freebsd-security mailing list