It gets worse...
Christopher R. Hertel
crh at ubiqx.mn.org
Fri Aug 20 17:45:09 GMT 2004
On Fri, Aug 20, 2004 at 10:30:55AM -0700, Jeremy Allison wrote:
> I don't know if anyone here follows sci.crypt, but it looks
> like a generic method of finding MD4 collisions has been
> discovered. No published details yet.
>
> Summary here :
>
> http://jis.mit.edu/pipermail/saag/2004q3/000913.html
>
> "* Weng, Fang, Lai, and Yu have what appears to be a general method for
> finding collisions in MD4, MD5, HAVAL-128, and RIPEMD. They
> haven't published any details."
>
> This could be very bad for NTLM auth.....
...and possibly MAC signing, which is based on HMAC-MD5. I'm still
thinking of how this might be used.
Chris -)-----
--
"Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
Samba Team -- http://www.samba.org/ -)----- Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/ -)----- ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/ -)----- crh at ubiqx.mn.org
OnLineBook -- http://ubiqx.org/cifs/ -)----- crh at ubiqx.org
More information about the samba-technical
mailing list