Comment Re:No weakness (Score 1) 300

Firstly, from this article:

The attack is based on known weaknesses in the cryptographic hash function known as MD5. In 2004, researchers from China showed it was possible to generate the same MD5 fingerprint for two different messages using off-the-shelf computer hardware. Three years later, a separate group of researchers - many who participated in Tuesday's presentation in Berlin - built off of those findings by showing how to have almost complete freedom in the choice of both messages.

Maybe I am missing some precision thrust of meaning with your choice of words, but my understanding is that the researchers utilized brute force to readily take advantage of a known weakness of MD5. No, it is not broken for everything, but it is most definitively broken for use within the PKI infrastructure (signing certificates).