PasswordMaker Forums

Miscellaneous => Other => Topic started by: quixin on December 01, 2007, 03:40:11 AM

Title: Is MD5 dead?
Post by: quixin on December 01, 2007, 03:40:11 AM
What do you guys make of this?

Quote
We announce two different Win32 executable files with different functionality but identical MD5 hash values. This shows that trust in MD5 as a tool for verifying software integrity, and as a hash function used in code signing, has become questionable.

http://www.win.tue.nl/hashclash/SoftIntCodeSign/ (http://www.win.tue.nl/hashclash/SoftIntCodeSign/)
Title: Re: Is MD5 dead?
Post by: Miquel 'Fire' Burns on December 02, 2007, 02:37:25 AM
Yea, it was bound to happen. Any hashing tool can have this. Also, unless they were also the same size, other checks should raise a red flag (Gentoo Portage uses three(I think) hashing tools plus file size to make sure the file is right)
Title: Re: Is MD5 dead?
Post by: Eric H. Jung on December 03, 2007, 06:35:42 PM
For the purposes of PasswordMaker, MD5 is still viable. The likelihood of two or more master passwords colliding is unbelievably low.