How does Nginx look-up cached resource?

Maxim Dounin mdounin at mdounin.ru
Sun Sep 6 01:56:30 UTC 2015


Hello!

On Sat, Sep 05, 2015 at 12:20:06AM +0300, Gena Makhomed wrote:

> On 04.09.2015 22:43, Maxim Dounin wrote:
> 
> >>>For sure this is something that can be done. The question remains
> >>>though: how often collisions are observed in practice, does it make
> >>>sense to do anything additional to protect from collisions and
> >>>spend resources on it? Even considering only md5, without the
> >>>crc32 check, no practical cases were reported so far.
> >>
> >>What?
> >>That SHOULD be done! Once is already too much!
> >
> >None has happened yet.  And likely won't ever happen, as md5 is a
> >good hash function 128 bits wide, and it took many years to find
> >even a single collision of md5.  And even if it happens, we have
> >crc32 check in place to protect us.
> 
> "and it took many years to find even a single collision of md5"
> 
> This is not true:
> 
> The security of the MD5 hash function is severely compromised.
> A collision attack exists that can find collisions within seconds
> on a computer with a 2.6 GHz Pentium 4 processor (complexity of 2**24.1)
> - https://en.wikipedia.org/wiki/MD5#Security

I said "took", not "takes now".  The MD5 hash function was 
introduced in 1991, and the first collision was found in 2004.

Also, it's important to understand that, while collision attacks 
now exist, it doesn't really make MD5 bad for various 
non-security uses.

[...]

> Variable-length hash function SHAKE128 from SHA-3 standard,
> for message M and output length 128 bit - SHAKE128(M, 128)
> has high collision resistance, its security is 64 bits.
> 
> Also, using SHA-3 SHAKE128 instead of MD5 will be good
> for marketing purposes and for nginx compliance with
> any existing security standards and recommendations,
> which forbid and do not recommend any usage of MD5.
> 
> Theoretically, it is a possible situation that some
> potential customers of NGINX Plus can't use NGINX Plus
> because NGINX Plus internally uses MD5, which is broken.

We can't really avoid using MD5 anyway, as we support some 
things that require md5 (like $apr1$ passwords).

Also, in this particular case keeping keys 128 bits wide isn't 
really required, and we can switch to any other function if 
needed.  And, while SHA-3 is certainly interesting, I would rather 
prefer something more common.  But I don't really think the cache key 
hash needs to be changed.

-- 
Maxim Dounin
http://nginx.org/
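
Added example, not part of the original message and not nginx code: a small Python model of the lookup scheme discussed in this thread, where an entry is located by the MD5 of its cache key and a stored CRC32 of the key is checked before the entry is served. Assumptions: the MD5 is truncated to 16 bits so that a collision between two constructed keys can be found instantly, the key strings are made up, and the extra full-key comparison is an addition of this example.

```python
import hashlib
import zlib
from itertools import count

HASH_BYTES = 2  # assumption: MD5 truncated to 16 bits so a collision is cheap to find


def slot(key: bytes) -> str:
    """Cache slot name: (truncated) MD5 of the cache key."""
    return hashlib.md5(key).digest()[:HASH_BYTES].hex()


class Cache:
    def __init__(self, verify: bool):
        self.verify = verify
        self.files = {}  # slot name -> (crc32 of key, key, body)

    def store(self, key: bytes, body: bytes) -> None:
        self.files[slot(key)] = (zlib.crc32(key), key, body)

    def lookup(self, key: bytes):
        entry = self.files.get(slot(key))
        if entry is None:
            return None
        crc, stored_key, body = entry
        # Second check: the slot matched, but was it written for this key?
        if self.verify and (crc != zlib.crc32(key) or stored_key != key):
            return None  # hash collision: treat as a cache miss
        return body


def find_collision(prefix: bytes = b"GET/example.test/item/"):
    """Return two distinct constructed keys that map to the same slot."""
    seen = {}
    for i in count():
        key = prefix + str(i).encode()
        s = slot(key)
        if s in seen:
            return seen[s], key
        seen[s] = key


def demo():
    """Store a response under key A, then look up colliding key B."""
    a, b = find_collision()
    results = {}
    for verify in (False, True):
        cache = Cache(verify)
        cache.store(a, b"response for A")
        results[verify] = cache.lookup(b)
    return a, b, results
```

Without the second check, the lookup for key B returns the response stored for key A; with it, the collision becomes an ordinary cache miss.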


