WebApp Sec mailing list archives
Re: MD5 math question
From: exon <exon () home se>
Date: Fri, 06 Jan 2006 17:40:35 +0100
Tim wrote:
Considering the fact that MD5 has been broken though, I'm fairly surprised it even came up to discussion. It's not exactly hard to find info or even collision-generators.See... People keep bringing this up, and it is true, MD5 has been shattered when it comes to collision resistance, but this is not the same as pre-image or second pre-image resistance. I don't believe either of those are broken yet for MD5 (please link me if I am wrong), so I think this is still a valid discussion, and applicable other hash algorithms as well.
It's true that for password authentication there's no real need to switch to a different algorithm at this point. However, a flaw in the algorithm is still a flaw in the algorithm. The fact that there aren't any computationally feasible implementations that reverse-calculate a collision (i.e. by knowing only what hash it should collide with rather than which plain-text that resulted in the hash) doesn't change that.
One approach to take when brute-forcing passwords could be to simply add random bytes to a stream until it collides and then using a collision-generator to generate a collision short enough to not be discarded by the password validation mechanism. Those with deeper insights into the MD5 algorithm could probably come up with which bytes to add to make it collide faster, but it still means brute-forcing an MD5 password of considerable length is down from months to mere hours.
All this is ofcourse theory. I don't know enough cryptography to determine what is possible and what isn't, but since SHA1 hasn't been broken (yet) and there are enough open and free implementations of it to go around I'm a bit surprised to find that MD5 is considered for use in new applications.
/exon -------------------------------------------------------------------------------Watchfire's AppScan is the industry's first and leading web application security testing suite, and the only solution to provide comprehensive remediation tasks at every level of the application. See for yourself. Download AppScan 6.0 today.
https://www.watchfire.com/securearea/appscansix.aspx?id=701300000003Ssh -------------------------------------------------------------------------------
Current thread:
- MD5 math question Jeff Robertson (Jan 03)
- Re: MD5 math question Chris Varenhorst (Jan 03)
- Re: MD5 math question Tim (Jan 03)
- RE: MD5 math question Vipul Kumra (Jan 04)
- Memo: Re: MD5 math question tim . m . james (Jan 04)
- Re: MD5 math question Charles Miller (Jan 05)
- Re: MD5 math question exon (Jan 06)
- Re: MD5 math question Tim (Jan 06)
- Re: MD5 math question exon (Jan 06)
- Re: MD5 math question Tim (Jan 07)
- Re: MD5 math question exon (Jan 07)
- Re: MD5 math question Tim (Jan 07)
- Re: MD5 math question exon (Jan 06)
- Re: MD5 math question Charles Miller (Jan 06)
- <Possible follow-ups>
- FW: RE: MD5 math question Vipul Kumra (Jan 04)
- Re: FW: RE: MD5 math question Chuck (Jan 06)
- RE: MD5 math question Navroz Shariff (Jan 04)
- RE: MD5 math question Jeff Robertson (Jan 07)