Blog Post

Crypto Primer: Understanding Encryption, Certificates, Public/Private Key & Digital Signatures

Play Crypto Primer: Understanding Encryption, Certificates, Public/Private Key & Digital Signatures

The Discussion

  • User profile image

    Great talk, thank you! Smiley

  • User profile image

    Thanks bPratik. Hope it helped your understanding...

  • User profile image

    Collisions for MD4 have been known for more than 15 years. These days finding a collision takes less than one second. Likewise, collisions for MD5 can be found in less than one minute. Both are considered totally broken from a security point of view.

    Amateurs shouldn't be writing about cryptography.

  • User profile image

    Hi carstenbh,

    Thanks for the insight. I had considered posting some example collisions - there are examples on the net. Ron Rivest predicted collisions for MD4 many years before it was released, which was 23 years ago and the creation of collisions for fixed-length function outputs have been known for many hundreds of years.

    Yes - there are groups who assert that MD4/5 are broken, with the availability of modern high-speed computers. MD4/5 are still heavily used as the digest in many systems and protocols so I guess we live with what's out there in the real world. We have to be realistic about what we want to change and what's already in circulation

    What you say about finding MD4 collisions is interesting. When you say they "can" be found in less than one second do you mean "it has been shown to be possible to do it in less than 1 second" or "you will find a collision in less than 1 second". I didn't know that, if it's the former. Could you post some example code that would do it? - and I'll add that factoid in to the video. It'd certainly make it more interesting showing a demo spewing out MD4 collisions at 60 per minute! That'd be incredible!

    "Amateurs shouldn't be writing about cryptography" - I guess you can please all of the people some of the time, or some of the people all of the time - but you can't please all of the people all of the time Sad 

    Thanks for the expert insightful observations on MD4 collisions.


  • User profile image
    Captain K

    Your vid is a great intro to crypto. You don't say anything in it that's wrong. It's just that since the widespread use of GPUs it's become possible to calculate hundreds of millions of hashes a second. Also there are weaknesses in MD4/5 that allow you to calculate collisions directly - not sure how fast you could generate them though. You'll see MD4/MD5 used less and less as time goes forward in preference to other hashing functions.

    It's a good vid that does a good job of explaining what most see as a black art. You demonstrate the math but you even emphasize that you don't understand why it works that way. I say that's enough for most people. It's not the math that's important to developers who use crypto APIs, it's the principles. That's what your vid captures.

  • User profile image

    I wish I'd watched this before I tried to get SSL working on IIS. It all makes perfect sense now. It's more than I need to know but it fills in all the blanks and I'm sure it's given me the background I need to troubleshoot next time I get a certificate error...

  • User profile image

    planky (weird name but cool) this is a really good overview. i saw the written version on your blog too. ive sent lots of workmates to have a look and watch the vid. neat job. its untangled lots of questions I used to have. thanks.

  • User profile image

    one of the best explanation i read recently. thanks.

  • User profile image

    Really great explanation, thank you!

  • User profile image
    Digital signature certificate

    Thanks for sharing such an awesome post. This is very informative and helpful, share more post
    like Thank you so much for providing such useful content.We are also provide in digital signature certificate in Delhi.

Add Your 2 Cents