[Openswan Users] MD5 cracked

Ted Kaczmarek tedkaz at optonline.net
Thu Aug 19 09:18:54 CEST 2004


On Wed, 2004-08-18 at 21:04 -0500, Carl Wilhelm Soderstrom wrote:
> On 08/19 01:29 , Jacco de Leeuw wrote:
> > 
> > I understand that MD5 has been cracked. Collisions have been found
> > which does not make MD5 suitable for general use anymore.
> > More info at: http://www.rtfm.com/movabletype/
> 
> By the sound of it, it hasn't been 'cracked' the way MD4 has been (i.e. a
> simpler-than-brute-force attack has been found). It's just that some people
> claim to have a way to find collisions in the hashes; which is still a long
> way from being able to generate arbitrary traffic and insert it into a
> stream, or read an encrypted connection in a reasonable amount of time.
> 
> Correct me if I'm wrong, please.
> 
Also, wouldn't a shorter key lifetime mitigate this?

Ted


