Re: This Week's Finds in Mathematical Physics (Week 226)
- From: tessel@xxxxxx
- Date: Sun, 12 Feb 2006 04:37:02 +0000 (UTC)
On Sat, 11 Feb 2006, John Baez mentioned that md5sum was "broken" about a year ago. I just wanted to add:
1. If I am not mistaken, sha-1 and md5sum are different algorithms (IIRC, both are known to be insecure). Anyone interested can probably figure this out from the official specs:
SHA-1 hash algorithm:
http://www.ietf.org/rfc/rfc3174.txt
md5sum message-digest algorithm:
http://www.faqs.org/rfcs/rfc1321.html
2. The latest versions of the open source utility gpg supports a more secure algorithm, SHA-512, which AFAIK has not been broken; see
Tony Stieber, "GnuPG Hacks", Linux Journal, March 2006.
3. Even insecure checksum utilities are probably better than none at all. Indeed, checking the given example
gpg --print-md md5 letter_of_rec.ps order.ps
A2 5F 7F 0B 29 EE 0B 39 68 C8 60 73 85 33 A4 B9
A2 5F 7F 0B 29 EE 0B 39 68 C8 60 73 85 33 A4 B9
Oh NOOOOOO!!! But wait, there's more:
gpg --print-md sha1 letter_of_rec.ps order.ps
0783 5FDD 04C9 AFD2 8304 6BD3 0A36 2A65 16B7 E216
3548 DB4D 0AF8 FD2F 1DBE 0228 8575 E8F9 F539 BFA6
gpg --print-md RIPEMD160 letter_of_rec.ps order.ps
9069 8ACC 6D67 6608 657B 9C26 F047 59A1 DC0E 6CA1
C1BB DE12 B312 EAAD DD3D D3B8 4CA1 CB1B BA47 DD13
Ah HAAAAAA!!! Gotcha, Alice!
For more on cryptographic hash functions and their woes, try these:
9) Cryptographic hash function, Wikipedia,
http://en.wikipedia.org/wiki/Cryptographic_hash
Of course, bear in mind that anyone can edit, blah, blah (including unregistered users, contrary to widely publicized news reports based upon a fundamental misunderstanding).
So, people are getting wary of SHA-1.
Something to think about when you are reading articles at that website which anyone can <s>poison</s> edit.
These are huge and wonderful philosophico-physico-mathematical questions with serious practical implications.
You mean the Weyl curvature hypothesis? :-/
But while we should never neglect incompleteness entirely, I was fascinated to discover from my readings a few years back that even first order logic has its fascinations!
Joel Spencer, The Strange Logic of Random Graphs, Springer 2001
Here's a thought: "Everyone knows" that if on day D, mathematician M is studying an example of size S in class C, he is more likely to be studying a "secretly special" representative R than a generic representative G of size S. Why? Because the secretly special reps show up in disguise in other areas, and M was probably hacking through the jungle from one of those places when he got lost and ate a poisoned cache.
Kinda like the "random appearing" md5sum of the empty file.
Is scientific creativity nothing but a hash sum hack?
Bite me, Brian!
"T. Essel"
.
- Follow-Ups:
- Re: This Week's Finds in Mathematical Physics (Week 226)
- From: John Baez
- Re: This Week's Finds in Mathematical Physics (Week 226)
- References:
- This Week's Finds in Mathematical Physics (Week 226)
- From: John Baez
- This Week's Finds in Mathematical Physics (Week 226)
- Prev by Date: Re: What is the helicity of Higgs Bosons?
- Next by Date: Re: Lorentz violation of the Standard Model
- Previous by thread: This Week's Finds in Mathematical Physics (Week 226)
- Next by thread: Re: This Week's Finds in Mathematical Physics (Week 226)
- Index(es):
Relevant Pages
|
