WebApp Sec mailing list archives
Re: MD5 math question
From: Tim <tim-security () sentinelchicken org>
Date: Fri, 6 Jan 2006 10:21:20 -0500
Without knowing the correct password there is no way of knowing that the collision isn't it, and from a practical point of view it doesn't matter in the slightest.
Very true.
Considering the fact that MD5 has been broken though, I'm fairly surprised it even came up to discussion. It's not exactly hard to find info or even collision-generators.
See... People keep bringing this up, and it is true, MD5 has been shattered when it comes to collision resistance, but this is not the same as pre-image or second pre-image resistance. I don't believe either of those are broken yet for MD5 (please link me if I am wrong), so I think this is still a valid discussion, and applicable other hash algorithms as well.
As for not using salts, read this. You'll change your mind. http://discuss.develop.com/archives/wa.exe?A2=ind0301b&L=advanced-dotnet&T=0&F=&S=&P=4424
Indeed. Always use salts. This is one reason LM hashes can be reversed so readily. tim ------------------------------------------------------------------------------- Watchfire's AppScan is the industry's first and leading web application security testing suite, and the only solution to provide comprehensive remediation tasks at every level of the application. See for yourself. Download AppScan 6.0 today. https://www.watchfire.com/securearea/appscansix.aspx?id=701300000003Ssh -------------------------------------------------------------------------------
Current thread:
- MD5 math question Jeff Robertson (Jan 03)
- Re: MD5 math question Chris Varenhorst (Jan 03)
- Re: MD5 math question Tim (Jan 03)
- RE: MD5 math question Vipul Kumra (Jan 04)
- Memo: Re: MD5 math question tim . m . james (Jan 04)
- Re: MD5 math question Charles Miller (Jan 05)
- Re: MD5 math question exon (Jan 06)
- Re: MD5 math question Tim (Jan 06)
- Re: MD5 math question exon (Jan 06)
- Re: MD5 math question Tim (Jan 07)
- Re: MD5 math question exon (Jan 07)
- Re: MD5 math question Tim (Jan 07)
- Re: MD5 math question exon (Jan 06)
- Re: MD5 math question Charles Miller (Jan 06)
- <Possible follow-ups>
- FW: RE: MD5 math question Vipul Kumra (Jan 04)
- Re: FW: RE: MD5 math question Chuck (Jan 06)
- RE: MD5 math question Navroz Shariff (Jan 04)
- RE: MD5 math question Jeff Robertson (Jan 07)