From: "Jan G.B." on 24 Aug 2010 10:25

2010/8/24 Bob McConnell <rvm(a)cbord.com>:
> From: Peter Lind
>
>> On 24 August 2010 15:43, Gary <php-general(a)garydjones.name> wrote:
>>> Jan G.B. wrote:
>>>
>>>> The weakness of MD5 is mainly because MD5 collisions are possible.
>>>> That means, that different strings can have the same MD5-hash...
>>>
>>> http://en.wikipedia.org/wiki/MD5#cite_note-1
>>
>> It's worth noting that that essentially does not touch upon whether or
>> not MD5 can be considered safe or not as a means to store password
>> information. The researchers have discovered ways of crafting inputs
>> to easily find colliding hashes - they have not discovered any easy
>> means to craft an input that will collide with a given hash.
>
> That's a simple matter of brute force, which can be done once and saved
> for instant use later. However, putting a salt into your algorithm
> pretty much eliminates the chances of success using that attack.
>
> Bob McConnell
>

Thanks..
actually it's quite annoying when you post an answer which
tries to explain a subject and people just post a link as
response to one citation which somehow lacks relevance on the topic.
My intro-sentence was "I'm not a crypto expert".

Gary, do you expect me to read the full detail report of Tao Xie and
Dengguo Feng? Can you sum it up in two or three sentences?

Regards
From: Peter Lind on 24 Aug 2010 10:46

On 24 August 2010 16:25, Jan G.B. <ro0ot.w00t(a)googlemail.com> wrote:
> 2010/8/24 Bob McConnell <rvm(a)cbord.com>:
>> From: Peter Lind
>>
>>> On 24 August 2010 15:43, Gary <php-general(a)garydjones.name> wrote:
>>>> Jan G.B. wrote:
>>>>
>>>>> The weakness of MD5 is mainly because MD5 collisions are possible.
>>>>> That means, that different strings can have the same MD5-hash...
>>>>
>>>> http://en.wikipedia.org/wiki/MD5#cite_note-1
>>>
>>> It's worth noting that that essentially does not touch upon whether or
>>> not MD5 can be considered safe or not as a means to store password
>>> information. The researchers have discovered ways of crafting inputs
>>> to easily find colliding hashes - they have not discovered any easy
>>> means to craft an input that will collide with a given hash.
>>
>> That's a simple matter of brute force, which can be done once and saved
>> for instant use later. However, putting a salt into your algorithm
>> pretty much eliminates the chances of success using that attack.
>>
>> Bob McConnell
>>
> Thanks..
> actually it's quite annoying when you post an answer which
> tries to explain a subject and people just post a link as
> response to one citation which somehow lacks relevance on the topic.
>

The link posted was all the relevance there is. MD5 is not weak in the
sense that it is easy to find collisions when all you have is a hash
(which is what you were implying). MD5 is only weak in the sense that
it's possible to generate two input texts such that the MD5 hashes of
both will collide.
The "other" weakness of MD5 (the more relevant one here) is that
calculating an MD5 hash is relatively fast today. Which means you can
generate rainbow tables of the most common inputs in relatively little
time. Of course, these rainbow tables are worthless against more
secure passwords and/or against salted passwords.

Regards
Peter

--
<hype>
WWW: http://plphp.dk / http://plind.dk
LinkedIn: http://www.linkedin.com/in/plind
BeWelcome/Couchsurfing: Fake51
Twitter: http://twitter.com/kafe15
</hype>
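
The two points made in the message above (a table of fast MD5 hashes computed once and reused, and a salt making that table useless), as an added example that is not part of the original thread. The word list, sample password and function names are constructed for illustration, and the final step goes beyond the thread by showing PHP's `password_hash()` as the salted, deliberately slow alternative.

```php
<?php
// Added illustration, not code from the thread. Requires PHP 7.1+
// (random_bytes, nullable return types).

// Constructed sample data: a tiny "common passwords" list standing in for
// the large precomputed tables discussed in the thread.
$commonPasswords = ['123456', 'password', 'letmein', 'qwerty', 'dragon'];

// Build the lookup once: unsalted md5 => plaintext. This is the
// "done once and saved for instant use later" step.
function buildLookup(array $words): array
{
    $table = [];
    foreach ($words as $w) {
        $table[md5($w)] = $w;
    }
    return $table;
}

// Returns the recovered plaintext, or null when the hash is not in the table.
function lookup(array $table, string $storedHash): ?string
{
    return $table[$storedHash] ?? null;
}

// Per-user random salt, stored next to the hash (the salt is not a secret).
function saltedMd5(string $password): array
{
    $salt = bin2hex(random_bytes(16));
    return ['salt' => $salt, 'hash' => md5($salt . $password)];
}

$table = buildLookup($commonPasswords);

// 1. Unsalted MD5 of a common password is found in the table.
var_dump(lookup($table, md5('letmein')));

// 2. Same password, salted: the precomputed table no longer matches, and
//    two users with the same password get different stored hashes.
$a = saltedMd5('letmein');
$b = saltedMd5('letmein');
var_dump(lookup($table, $a['hash']));
var_dump($a['hash'] === $b['hash']);

// 3. A salt does not make MD5 slower: with salt and hash in hand, guesses
//    can still be tested at full MD5 speed. password_hash() (PHP >= 5.5)
//    generates its own salt and applies a tunable work factor.
$stored = password_hash('letmein', PASSWORD_DEFAULT);
var_dump(password_verify('letmein', $stored));
var_dump(password_verify('qwerty', $stored));
```
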
From: "Jan G.B." on 24 Aug 2010 11:01

2010/8/24 Peter Lind <peter.e.lind(a)gmail.com>:
> On 24 August 2010 16:25, Jan G.B. <ro0ot.w00t(a)googlemail.com> wrote:
>> 2010/8/24 Bob McConnell <rvm(a)cbord.com>:
>>> From: Peter Lind
>>>
>>>> On 24 August 2010 15:43, Gary <php-general(a)garydjones.name> wrote:
>>>>> Jan G.B. wrote:
>>>>>
>>>>>> The weakness of MD5 is mainly because MD5 collisions are possible.
>>>>>> That means, that different strings can have the same MD5-hash...
>>>>>
>>>>> http://en.wikipedia.org/wiki/MD5#cite_note-1
>>>>
>>>> It's worth noting that that essentially does not touch upon whether or
>>>> not MD5 can be considered safe or not as a means to store password
>>>> information. The researchers have discovered ways of crafting inputs
>>>> to easily find colliding hashes - they have not discovered any easy
>>>> means to craft an input that will collide with a given hash.
>>>
>>> That's a simple matter of brute force, which can be done once and saved
>>> for instant use later. However, putting a salt into your algorithm
>>> pretty much eliminates the chances of success using that attack.
>>>
>>> Bob McConnell
>>>
>> Thanks..
>> actually it's quite annoying when you post an answer which
>> tries to explain a subject and people just post a link as
>> response to one citation which somehow lacks relevance on the topic.
>>
>
> The link posted was all the relevance there is. MD5 is not weak in the
> sense that it is easy to find collisions when all you have is a hash
> (which is what you were implying). MD5 is only weak in the sense that
> it's possible to generate two input texts such that the MD5 hashes of
> both will collide.
> The "other" weakness of MD5 (the more relevant one here) is that
> calculating an MD5 hash is relatively fast today. Which means you can
> generate rainbow tables of the most common inputs in relatively little
> time. Of course, these rainbow tables are worthless against more
> secure passwords and/or against salted passwords.
>
> Regards
> Peter
>

Hi Peter,

this clears it up for me. So I was quite correct with my post. :-)
Have a nice day.

Regards,
Jan