On 21 Apr 2005 Greg Donald wrote: > > Same thing with MD5, it > > is just one way, it can't be reversed. > > MD5 collisions were found last year: > http://cryptography.hyperlink.cz/md5/MD5_collisions.pdf > > Just a matter of time/cpu power. I don't think that's right. Collisions allow certain kinds of cryptographic attacks against things like MD5-based signatures but that is not at all the same as being able to simply determine the original message content from the digest. Rather, they allow you to substitute the original message with a different one which generates the same MD5 hash. This may or may not be useful as an attack, depending on how MD5 is being used. -- Tom -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
