On Wed, Sep 08, 2004 at 00:33:39 -0400,
Tom Lane <tgl@sss.pgh.pa.us> wrote:
>
> I've been hearing rumblings that MD5 and all other known crypto
> protocols are known vulnerable since the latest crypto symposiums.
> (Not that we didn't all suspect the NSA et al could break 'em, but
> now they've told us exactly how they do it.)
Things aren't currently that bad. So far people have found a way to find
two strings that give the same hash using MD5. They haven't yet found a way
to find a string which hashes to a given hash. SHA-0 was also shown to
have some weakness. From comments I have read, I don't think SHA-1 was
shown to have any weaknesses. One comment specifically mentioned that
the change made between SHA-0 and SHA-1 seems to have been made to address
the weakness found in SHA-0. I haven't read the source papers, so take this
all with a grain of salt.