How to edit PDF?
Chosechu
chosechu at gmail.com
Sun Nov 27 19:19:09 UTC 2005
Do not use MD5 for cryptographic signatures!
It has been broken. Have a look at:
http://www.cits.rub.de/MD5Collisions/
for meaningful human-readable documents hashing to the
same MD5 sum.
Looks like SHA1 is taking the same path as MD5.
Other hash functions with a longer future could
be SHA-256, SHA-512.
--
Chosechu
David Teague(T-bird acct) wrote:
> Tristan Wibberley wrote:
>
>> David Teague(T-bird acct) wrote:
>>
>>> That is one use for MD5 check sums. It doesn't make the
>>> file inviolable, but it gives the recipient an almost unbreakable
>>> check against tampering.
>>>
>>
>> MD5 based signatures probably don't do that anymore. md5 is now pretty
>> easy to break (a researcher recently released a tool to find md5
>> collisions) and any file format that enables you to make changes that
>> are not apparent when rendered is extremely susceptible to such attacks.
>> That includes pdf and postscript. You should certainly be using at least
>> SHA-1 for this now.
>>
> Well Dang! Is there a mechanism that is better
> than MD5 (i.e. that is 'almost' unbreakable) ??
>
> A slightly different way might be to encrypt. There is
> 128 bit encryption .... is it any good for this purpose?
> The theory says that given sufficient computing power,
> any encryption can be broken. I would like to find one
> that nobody but a government (or Microsoft) will have
> the resources to break it -- at least for a year or two.
>
> Warm Regards
> David
>
> -- -- David Teague, cs.wcu.edu/~dbt -- Advocating Free Software and
> Double Bass tuned in fifths -- Classical Bass www.dennismasuzzo.com;
> www.silviodallatorre.com; www.joelquarrington.com -- Jazz Upright Bass
> Red Mitchell, home.teleport.com/~mimuma/; www.larryholloway.com/;
>
>
More information about the ubuntu-users
mailing list