Menu
▾
▴
Re: [Firebird-devel] crypt plugins
|
From: Mark O'D. <mar...@fi...> - 2004-09-24 04:27:34
|
Carlos Guzmán Álvarez wrote: > Hello: > >> As default I suggest to use md5, making new installations secure. > > > MD5 isn't secure, read this: > Thats a bit dramatic - and wrong! > http://pages.infinit.net/ctech/20040918-0855.html Well he does say: > There is a lot of techno-talk (and FUD) about this. Actually this > isn't big news as MD5 had been known to be weak for quite some time > "weak" is a fairly judgemental term, he then points to: > For those interested to understand more in a single page I suggest > the recent article from Bruce Schneier. So what Does Bruce actually say: > Cryptanalysis of the MD4 family of hash functions has proceeded in > fits and starts over the last decade or so, with results against > simplified versions of the algorithms and partial results against the > whole algorithms. This year, Eli Biham and Rafi Chen, and separately > Antoine Joux, announced some pretty impressive cryptographic results > against MD5 and SHA. Collisions have been demonstrated in SHA. And > there are rumors, unconfirmed at this writing, of results against > SHA-1. Actually the real news was, that SHA-1 may be as unsafe as MD5. In the same article Bruce also says: > To a user of cryptographic systems -- as I assume most readers are -- > this news is important, but not particularly worrisome. MD5 and SHA > aren't suddenly insecure. No one is going to be breaking digital > signatures or reading encrypted messages anytime soon with these > techniques. The electronic world is no less secure after these > announcements than it was before. > Basically, MD5 and SHA1 are both currently secure - despite the techno-talk FUD. Cheers Mark |
