[nSLUG] US Homeland Security

M Taylor mctylr at privacy.nb.ca
Wed Aug 18 18:11:03 ADT 2004


On Wed, Aug 18, 2004 at 04:39:25PM -0300, Donald Teed wrote:
> 
> I think that was the same article mentioned in Slashdot a day ago.
> The significance being that historically the discovery of
> a decoding method has not been far behind a discovery like this.
 
You don't reverse (decode) hash functions, they are one-way 
because they throw away information. They "break" in their 
usefulliness as a cryptographically strong hash when an attacker
cannot find a different input that creates the same input.

> Well, most of us have shadow files that are hidden from joe user.
> That would help that end of things for awhile.  But would md5
> crackability effect the web as well?

MD5 is used in PGP,GPG (and other OpenPGP applications) when using RSA
pubic keys, and in common usage of SSL/TLS (a la HTTPS) protocol suite.
IT is standard in just about every crypto toolkit, and the well known
Linux *BSD md5/md5sum programs.

It does prove the point of Jean-Luc Cooke of md5crk.com, who 
was trying to get a distributed computing project to attack md5
for collions, it appears the Chinese researchers were able to create 
a new collision within 12-24 hours after an error was pointed out
in their pre-print article (an endianness and translation issue).

> of transmission lines.  Then there are idiots like McGuinty 
> (prem of Ontario) who suggested the grids need to be
> more interconnected.  Duh!  Does a longer chain of dominos
> stay up any better?

The cascade effect is unavoidable in any complex system during
an unexpected failure mode. More interconnection does prevent
price gouging, which is an issue in Ontario after market caps
were removed by Ont gov't, and may reduce the pressure to build
new generating stations which due to legal roadblocks by 
communities and environmentalists and high safety standards is
very expensive. Note, I am not saying these are bad things, just
that they do add expense.



!DSPAM:4123c5fc325498248214691!




More information about the nSLUG mailing list