[lug] MD5 strength?

rm at fabula.de
Sat Aug 31 10:39:09 MDT 2002


On Sat, Aug 31, 2002 at 10:02:17AM -0600, Peter Hutnick wrote:
> > Humpf? As the name 'hash' already implies: there is no way to "break"
> > an MD5 password--the original password can't be recovered from the
> > crypted version (the crypted version is a _M_essage _D_igest). Now, for
> > login etc. you don't _need_ the original version, you only need a word
> > that will hash to the same value, and that's where the concerns you
> > mention start: given enough hardware it's possible to find words that
> > hash to the same value. So, for really strong security you might want
> > to pick another digest method (SHA seems to be safe).
> 
> How would you feel about briefly stating how what you said above doesn't
> apply to SHA?

Ok, probably a misunderstandable wording. What I said about the
"mechanics" of MD5 also applies to SHA -- the difference is in the
resolution of "enough hardware". I actually passed the original question
on to one of my coworkers (yelled it down the hallway, to be precise).
I split up the question into two parts:
  - is MD5 reversible? (no)
  - is MD5 considered safe? (not really, it takes _much_ more hardware
    to find words that map to the same digest when using SHA).
If you need more precise references I'd have to walk over to my source
of information and investigate (oops, we just had a major software design
battle, might need some time to calm down first ;-)

 Ralf

> 
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
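The "mechanics" Ralf describes, as an added example that is not part of his mail or of the list archive: a stored digest is never reversed; an attacker simply hashes candidate words until one produces the same digest. The code below runs that search against MD5 and SHA-1 with the same loop, so the only thing that changes between the two is the digest function and its cost per guess. The wordlist, the target passwords and the function names are constructed for this illustration.

```python
import hashlib
import itertools
import string

# Constructed sample wordlist standing in for a real dictionary file.
WORDLIST = ["password", "letmein", "hunter2", "boulder", "colug", "qwerty"]


def digest_hex(algorithm: str, word: str) -> str:
    """Hash one candidate with the named hashlib algorithm ('md5', 'sha1', 'sha256', ...)."""
    return hashlib.new(algorithm, word.encode("utf-8")).hexdigest()


def find_preimage(algorithm: str, target_hex: str, words):
    """Dictionary search for a word whose digest equals target_hex.

    Returns (word, guesses) on a hit, or (None, guesses) after exhausting the list.
    The digest itself is never 'decrypted'; every candidate is hashed forward
    and compared, which is exactly why the attack is algorithm-agnostic.
    """
    guesses = 0
    for candidate in words:
        guesses += 1
        if digest_hex(algorithm, candidate) == target_hex:
            return candidate, guesses
    return None, guesses


def brute_force(algorithm: str, target_hex: str, alphabet: str, max_len: int):
    """Exhaustive search over every string of length 1..max_len drawn from alphabet.

    This is the 'enough hardware' case: the work is alphabet**len digest
    computations, and it grows identically for MD5 and SHA.
    """
    guesses = 0
    for length in range(1, max_len + 1):
        for letters in itertools.product(alphabet, repeat=length):
            guesses += 1
            candidate = "".join(letters)
            if digest_hex(algorithm, candidate) == target_hex:
                return candidate, guesses
    return None, guesses


def compare_algorithms(password: str, words):
    """Run the same dictionary search against MD5 and SHA-1 digests of one password.

    Returns {algorithm: (recovered_word, guesses)}; the guess counts match because
    nothing about the search depends on which digest is stored.
    """
    results = {}
    for algorithm in ("md5", "sha1"):
        stored = digest_hex(algorithm, password)  # what /etc/shadow-style storage keeps
        results[algorithm] = find_preimage(algorithm, stored, words)
    return results


if __name__ == "__main__":
    # Constructed target: a weak password that happens to be in the wordlist.
    print(compare_algorithms("hunter2", WORDLIST))
    # A password outside the dictionary is not found, whichever digest is used.
    print(compare_algorithms("correct horse", WORDLIST))
    # Tiny exhaustive search: two lowercase letters, SHA-1.
    print(brute_force("sha1", digest_hex("sha1", "ab"), string.ascii_lowercase, 2))
```

Note that the loop is identical for both digests; what the choice of algorithm changes is the cost of each `digest_hex` call and the size of the digest (32 hex characters for MD5, 40 for SHA-1), not whether the search is possible. Salting and a deliberately slow password hash are what make this search expensive per user, which is a separate concern from the digest algorithm itself.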


