/dev/random and /dev/urandom
Poul-Henning Kamp
phk at phk.freebsd.dk
Sun May 11 16:17:48 PDT 2003
There is one current concern with MD5: over-ratio of collisions.
What this means is that it may be a bit too easy to find a
MD5 input which generates a given MD5 output.
This has an impact where one uses MD5 in authentication schemes
like:
server client
-----------------------------------------------------------
WHO ARE YOU ?
(magic=234287234)
Calculate MD5(password + 234287234)
and send the result:
abd344...
Calculate MD5(password + 234287234)
receive clients bid
compare
"they are identical, so the client knows the password"
OK WELCOME!
In such a setting an over-ratio of collisions will at the very least
reduce the probabilities and
In applications where MD5 is simply used as a bit-blender, this is
of no concern.
--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
More information about the freebsd-bugs
mailing list