Re: [NSPipe pipe] returning nil (running out of filehandles?)
Re: [NSPipe pipe] returning nil (running out of filehandles?)
- Subject: Re: [NSPipe pipe] returning nil (running out of filehandles?)
- From: John Stiles <email@hidden>
- Date: Wed, 02 Apr 2008 09:12:28 -0700
Jens Alfke wrote:
Also, you're aware that MD5 shouldn't be used for anything
security-related anymore? Last I heard it's pretty close to being
fully broken. SHA-1 is a lot more secure, and has a larger output
which itself makes collisions less likely.
"Fully broken"? I don't know about that. Simpler variants—I think it was
MD4?—have some kind of non-threatening attacks, e.g. the keyspace for
finding a packet with the same signature is several powers of 2 less
than the full keyspace. But the matching packet will basically be
identical except a handful of bits are flipped. And AFAIK nobody is even
remotely close to finding a technique which would let you write
arbitrary data and then tack on a few bytes to get the signature you
want, and that's what I'd call "fully broken," at least that's what
you'd need to find in order to make an exploit. Nobody has done any of
this for real MD5 yet as far as I know. (In fact, I am not sure that
anyone has found any two packets that generate an identical MD5 signature!)
If you are not CPU bound, SHA-1 is probably better anyway, but don't
feel obligated to use it if it turns out to be a performance concern. I
think it's going to be quite some years before we see a viable approach
for hacking MD5 in such a way that it would create an actual security
concern.
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden