[lug] MD5 strength?

Peter Hutnick peter-lists at hutnick.com
Sat Aug 31 10:02:17 MDT 2002


> Humpf? As the name 'hash' allready implies: there is no way to "break"
> an MD5 password--the original password can't be recovered from the
> crypted version (the crypted version is a _M_essage _D_igest). Now, for
> login etc. you don't _need_ the original version, you only need a word
> that will hash to the same value, and that's where the concerns you
mention
> start: given enough hardware it's possible to find words that hash to
> the same value. So, for really strong security you might want to pick
> another digest method (SHA seems to be safe).

How would you feel about briefly stating how what you said above doesn't
apply to SHA?





More information about the LUG mailing list