Penetration Testing mailing list archives
Re: Insecure Hash Algorithms (MD5) and NTLMv2
From: Jack Lloyd <lloyd () randombit net>
Date: Wed, 2 Nov 2005 12:10:00 -0500
On Tue, Nov 01, 2005 at 09:57:35AM -0000, Miguel Dilaj wrote:
Hi Daniel, I fully agree with you. The whole buzz about MD5 being "weak" has been grossly misunderstood and exaggerated by the media. Generating arbitrary malware that produces the same hash (MD5 or any other) it's still very difficult, and has nothing to do with cracking password hashes. I know some byte chains for MD5 have already been produced, don't throw the links at me ;-) The time required either to generate a table or to parse it will be slightly longer if the hash has more bits, more space will be required for the tables, but that's pretty much it. We can't even start to compare that with the "real bruteforcing" time. Another interesting point is that the media has presented this as "MD5=bad, otherhash=good". In theory ALL hashing algorithms are clearly flawed by collisions. Every single one of them, and the reason is of mathematical nature.
[...]

Yes, obviously all hash functions which hash larger strings to smaller strings are going to have collisions (this is due to an old mathematical result called the pigeonhole principle). That is not a flaw, because it is intrinsic to the fact that the input domain is larger than the output domain.

The flaw here is that MD5 collisions can be generated not only much faster than they should be (2^64 tries, which is a significant amount of work), but fast enough to be quite practical (a few hours on a big machine). SHA-1 has also been broken, but the attack is estimated to take 2^69 effort (about 2000 times easier than expected) which is not practically doable right now unless you are government funded.

You say "it's still very difficult". Maybe so, today, but the attacks are good, and they are going to get better - the MD4/MD5/SHA-1 breaks have stirred up a lot of new interest in hash function analysis. Waiting until MD5 is so thoroughly broken that you have no choice but to move away from it seems like a poor plan, unless you enjoy running crash projects.

-Jack
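Added example, not part of the original post: a generic birthday search on MD5 truncated to a few bits, showing the pigeonhole guarantee and the roughly 2^(n/2) cost that gives the 2^64 (MD5) and 2^80 (SHA-1) figures for an unbroken hash. The function names and the counter-based test messages are assumptions made for this illustration.

```python
import hashlib

def truncated_md5(data: bytes, bits: int) -> int:
    """Return the top `bits` bits of MD5(data) as an integer."""
    digest = int.from_bytes(hashlib.md5(data).digest(), "big")
    return digest >> (128 - bits)

def find_collision(bits: int, seed: int = 0):
    """Generic birthday search: hash distinct messages until two of them
    share a truncated digest. Returns (msg1, msg2, hashes_computed).
    By the pigeonhole principle this stops after at most 2**bits + 1 hashes."""
    seen = {}
    counter = 0
    while True:
        msg = f"{seed}:{counter}".encode()  # constructed, distinct inputs
        h = truncated_md5(msg, bits)
        if h in seen:
            return seen[h], msg, counter + 1
        seen[h] = msg
        counter += 1

def average_tries(bits: int, runs: int = 20) -> float:
    """Average number of hashes needed over several independent searches."""
    return sum(find_collision(bits, seed)[2] for seed in range(runs)) / runs

def generic_collision_work(bits: int) -> int:
    """Order of work for a generic collision on an n-bit hash: 2^(n/2)."""
    return 2 ** (bits // 2)

if __name__ == "__main__":
    for bits in (12, 16, 20, 24):
        print(f"{bits:2d}-bit digest: avg {average_tries(bits):8.0f} hashes, "
              f"2^(n/2) = {generic_collision_work(bits)}")
    # Full-size figures quoted in the post
    print("MD5 generic bound   : 2^64 =", generic_collision_work(128))
    print("SHA-1 generic / 2^69:", generic_collision_work(160) // 2**69)
```

The measured averages track 2^(n/2) up to a small constant factor, which is the baseline a collision attack has to beat before a hash counts as broken.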