From: "Jan G.B." on
2010/8/24 Bob McConnell <rvm(a)cbord.com>:
> From: Peter Lind
>
>> On 24 August 2010 15:43, Gary <php-general(a)garydjones.name> wrote:
>>> Jan G.B. wrote:
>>>
>>>> The weakness of MD5 is mainly because MD5 collisions are possible.
>>>> That means, that different strings can have the same MD5-hash...
>>>
>>> http://en.wikipedia.org/wiki/MD5#cite_note-1
>>
>> It's worth noting that that essentially does not touch upon whether or
>> not MD5 can be considered safe or not as a means to store password
>> information. The researchers have discovered ways of crafting inputs
>> to easily find colliding hashes - they have not discovered any easy
>> means to craft an input that will collide with a given hash.
>
> That's a simple matter of brute force, which can be done once and saved
> for instant use later. However, putting a salt into your algorithm
> pretty much eliminates the chances of success using that attack.
>
> Bob McConnell
>
Thanks..
actually it's quite annoying when you post an answer which
tries to explain a subject and people just post a link as
response to one citation which somehow lacks relevance on the topic.

My intro-sentence was "I'm not a crypto expert".

Gary, do you expect me to read the full detail report of Tao Xie and
Dengguo Feng?
Can you sum it up in two or three sentences?

Regards
From: Peter Lind on
On 24 August 2010 16:25, Jan G.B. <ro0ot.w00t(a)googlemail.com> wrote:
> 2010/8/24 Bob McConnell <rvm(a)cbord.com>:
>> From: Peter Lind
>>
>>> On 24 August 2010 15:43, Gary <php-general(a)garydjones.name> wrote:
>>>> Jan G.B. wrote:
>>>>
>>>>> The weakness of MD5 is mainly because MD5 collisions are possible.
>>>>> That means, that different strings can have the same MD5-hash...
>>>>
>>>> http://en.wikipedia.org/wiki/MD5#cite_note-1
>>>
>>> It's worth noting that that essentially does not touch upon whether or
>>> not MD5 can be considered safe or not as a means to store password
>>> information. The researchers have discovered ways of crafting inputs
>>> to easily find colliding hashes - they have not discovered any easy
>>> means to craft an input that will collide with a given hash.
>>
>> That's a simple matter of brute force, which can be done once and saved
>> for instant use later. However, putting a salt into your algorithm
>> pretty much eliminates the chances of success using that attack.
>>
>> Bob McConnell
>>
> Thanks..
> actually it's quite annoying when you post an answer which
> tries to explain a subject and people just post a link as
> response to one citation which somehow lacks relevance on the topic.
>

The link posted was all the relevance there is. MD5 is not weak in the
sense that it is easy to find collisions when all you have is a hash
(which is what you were implying). MD5 is only weak in the sense that
it's possible to generate two input texts such that the MD5 hashes of
both will collide.
The "other" weakness of MD5 (the more relevant one here) is that
calculating an MD5 hash is relatively fast today. Which means you can
generate rainbow tables of the most common inputs in relatively little
time. Of course, these rainbow tables are worthless against more
secure passwords and/or against salted passwords.

Regards
Peter

--
<hype>
WWW: http://plphp.dk / http://plind.dk
LinkedIn: http://www.linkedin.com/in/plind
BeWelcome/Couchsurfing: Fake51
Twitter: http://twitter.com/kafe15
</hype>
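
The following is an added example, not code from any poster in this thread. It shows the point made above about precomputed tables and salts: an unsalted MD5 digest of a common password is found by a single table lookup, a salted one is not, and the salt alone does not make MD5 slow. The passwords are constructed samples; `password_hash()` and `password_verify()` are PHP built-ins (PHP 5.5 and later) and `random_bytes()` needs PHP 7.

```php
<?php
// Added illustration, not code from the thread. All passwords below are constructed samples.

// Precomputed table of md5 digest => plaintext for common passwords (built once, reused).
$common = ['123456', 'password', 'letmein', 'qwerty'];
$table = [];
foreach ($common as $p) {
    $table[md5($p)] = $p;
}

// Look a stored digest up in the precomputed table; null means "not in the table".
function lookup(array $table, string $digest): ?string
{
    return $table[$digest] ?? null;
}

$password = 'letmein'; // a user's (weak) password

// Unsalted: the stored value equals a table key, so one array lookup reveals the password.
$unsalted = md5($password);
printf("unsalted md5 in table: %s\n", lookup($table, $unsalted) ?? 'no match');

// Salted: a random per-user salt, stored beside the digest, changes the digest,
// so a table computed without that salt no longer contains it.
$salt = bin2hex(random_bytes(16));
$salted = md5($salt . $password);
printf("salted md5 in table:   %s\n", lookup($table, $salted) ?? 'no match');

// The salt does not make MD5 slow: time 200,000 salted MD5 computations
// against a single password_hash() call to compare the cost per guess.
$t = microtime(true);
for ($i = 0; $i < 200000; $i++) {
    md5($salt . $i);
}
$md5Time = microtime(true) - $t;

$t = microtime(true);
$stored = password_hash($password, PASSWORD_DEFAULT); // salted, deliberately slow
$slowTime = microtime(true) - $t;

printf("200000 x md5: %.3fs, 1 x password_hash: %.3fs\n", $md5Time, $slowTime);

// Verification reads the salt and cost parameters embedded in the stored string.
var_dump(password_verify($password, $stored));
var_dump(password_verify('wrong guess', $stored));
```
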
From: "Jan G.B." on
2010/8/24 Peter Lind <peter.e.lind(a)gmail.com>:
> On 24 August 2010 16:25, Jan G.B. <ro0ot.w00t(a)googlemail.com> wrote:
>> 2010/8/24 Bob McConnell <rvm(a)cbord.com>:
>>> From: Peter Lind
>>>
>>>> On 24 August 2010 15:43, Gary <php-general(a)garydjones.name> wrote:
>>>>> Jan G.B. wrote:
>>>>>
>>>>>> The weakness of MD5 is mainly because MD5 collisions are possible.
>>>>>> That means, that different strings can have the same MD5-hash...
>>>>>
>>>>> http://en.wikipedia.org/wiki/MD5#cite_note-1
>>>>
>>>> It's worth noting that that essentially does not touch upon whether or
>>>> not MD5 can be considered safe or not as a means to store password
>>>> information. The researchers have discovered ways of crafting inputs
>>>> to easily find colliding hashes - they have not discovered any easy
>>>> means to craft an input that will collide with a given hash.
>>>
>>> That's a simple matter of brute force, which can be done once and saved
>>> for instant use later. However, putting a salt into your algorithm
>>> pretty much eliminates the chances of success using that attack.
>>>
>>> Bob McConnell
>>>
>> Thanks..
>> actually it's quite annoying when you post an answer which
>> tries to explain a subject and people just post a link as
>> response to one citation which somehow lacks relevance on the topic.
>>
>
> The link posted was all the relevance there is. MD5 is not weak in the
> sense that it is easy to find collisions when all you have is a hash
> (which is what you were implying). MD5 is only weak in the sense that
> it's possible to generate two input texts such that the MD5 hashes of
> both will collide.
>  The "other" weakness of MD5 (the more relevant one here) is that
> calculating an MD5 hash is relatively fast today. Which means you can
> generate rainbow tables of the most common inputs in relatively little
> time. Of course, these rainbow tables are worthless against more
> secure passwords and/or against salted passwords.
>
> Regards
> Peter
>
Hi Peter,
this clears it up for me. So I was quite correct with my post. :-)

Have a nice day.

Regards,
Jan