Bogus digital signatures, Re: OT: utility account transfer frauds

Fri, 11 Oct 2002 07:54:22 +0100 (BST)

From: Matthew Astley <lists-ukcrypto@fruitcake.demon.co.uk>

> Anyway, it would appear that distributed.net is big enough[1] to
> attack the 128-bit MD5, because the birthday paradox reduces it to an
> approximately 64-bit problem.

There's the additional matter of not having all their memory in the same
place (this can be dealt with).  But 24*(2^64) bytes sounds a lot to me and
I doubt there is that much to be recruited.

Plus you have to keep the original documents around until you finish so
you can say what the collision was.