Hashing of usernames in syslog

[David T. Ashley]

> -----Original Message-----
> From: inn-workers-bounce at isc.org [mailto:inn-workers-bounce at isc.org]On
> Behalf Of Forrest J. Cavalier III
> Sent: Monday, September 30, 2002 9:26 AM
> To: inn-workers at isc.org
> Cc: forrest at mibsoftware.com
> Subject: RE: Hashing of usernames in syslog
> > I want to see papers
> > which point out vulnerabilities in MD5.
>
> Seems like you didn't even try to look.  The google.com search terms
> you want are
>   md5 Hans Dobbertin
>
> You could have arrived at that yourself by searching
>   md5 broken
>
> (You seem to know more about encryption and security than
> I do, so I'd be interested in knowing what you thought
> of the paper.)

Hi Forrest,

The information on the web, using the search terms you suggested, seems to
be difficult to evaluate.  I did review what Hr. Hans Dobbertin had written.

The trouble is that the attack Hr. Dobbertin mounted is an attack on a
modified MD5.  What he was able to do is a warning sign about MD5, but still
nobody seems to have a concrete procedure out there for violating the
executive summary of MD5.

Specifically, nobody seems to be able to mount the following attack:

a)Given an MD5 message digest,

b)Find a message which has this same message digest in less than on average
2^{127} operations, OR

c)Glean some useful information about the message (identify some constraints
on the message based on its MD5 or place the message in a set which is
substantially smaller than the number of random bit patterns).

So, the things I've found are "warning signs" of weakness and not actual
practical attacks.

I can't evaluate the significance.

If there were a practical attack, the significance would be clear.  However,
it isn't easy to extrapolate an attack on a modified version.

Well, all I can say is that using SHSH1 (did I spell that right?) seems more
secure, since no warning signs have been found.  No smoke.  No fire.

Best regards, Dave.