Oooh MD5

by Devanshu Mehta

“C-net’s”: has an article about how “Microsoft”: apparently had a conference where they invited ‘hackers’ to help them discover security flaws. My first and humongous beef with the article is the usage of the term ‘hacker’; but that’s a whole ‘nother issue for a whole other day.

The more subtle issue is from this paragraph:

“this one guy with a shock of white hair looks straight at me and just says, ‘MD5.'” Kaminsky, who said the comment seemed more like an order than a request for information, complied by demonstrating how two Web pages could have the same “hash,” as the man listened and nodded knowingly.

A week later, Kaminsky learned that his interrogator was Jim Allchin–one of the highest-ranking executives at Microsoft and, as the person in charge of the Windows operating system, one of the leaders in the technology industry as a whole. Allchin’s questions made clear just how deep the technical knowledge runs among the most senior ranks of the world’s biggest software company.

MD5- in the eyes of Ina Fried of CNet is ‘deep technical knowledge’. For someone who is in-charge of Windows- and I mean IN-CHARGE- knowledge of MD5 should never be impressive. What audience is this article meant for?

I have trouble with journalists misleading non-technical people with techspeak to push a story. The ‘hacker’ in the headline is there to draw readers and the ‘MD5’ in the anecdote is to get non-techs impressed with Microsoft’s interest in security. It will take more than an awesome, deep knowledge of MD5.