[Enigmail] Solved: PGP indicates enigmail signed messages are invalid
Robert J. Hansen
rjh at sixdemonbag.org
Mon Apr 13 10:52:51 PDT 2009
> Well, some time ago, it was something that was not possible to do even
> in an unreasonable amount of computing time, now it is possible (with
> MD5) with an unreasonable amount of computing time...
MD5 collisions can be generated in realtime; we know this to be true
and have known it to be true for more than a decade.
Currently, MD5 collisions require a few minutes to generate, using
some fairly high end equipment. That said, neither the time nor
expense is "unreasonable."
_All_ hash functions are subject to collisions, assuming the attacker
is willing to spend unreasonable time and effort. By "unreasonable
time," I mean in the billions of years, and by "unreasonable effort,"
I mean building a Dyson Sphere around the sun to capture enough energy
to power the computer.
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
More information about the Enigmail
mailing list