| |
|
This page contains all of the posts and discussion on MemeStreams referencing the following web page: Just how secure is MD5?. You can find discussions on MemeStreams as you surf the web, even if you aren't a MemeStreams member, using the Threads Bookmarklet.
|
Just how secure is MD5?
by unmanaged at 12:25 am EST, Feb 22, 2008 |
If you want some more in-depth reading jump on over here... MD5 To Be Considered Harmful Someday:
From Dan Kaminsky, a senior Senior Security Consultant for Avaya, and a part of the DoxPara Research team... http://www.doxpara.com/md5_someday.pdf
http://www.doxpara.com/research/md5/...ful-slides.pdf
http://www.doxpara.com/research/md5/confoo.pl Stach & Liu have some well document information on MD4/5 Collisions...
http://www.stachliu.com.nyud.net:809...ollisions.html We live in a world that has to much "security via obscurity" or a "don't ask don't" tell policy on security problems... Even back in 2005 MS and Big Bill's Boys banned the use of DES/MD4/MD5 on their projects, but even SHA1 and other systems they have chosen are still looking to be prone to attack.
I dug up a little info for this reply to someone... Can anyone provide some more input on the problems with MD5 |
| |
RE: Just how secure is MD5?
by freakn at 1:34 am EST, Feb 22, 2008 |
unmanaged wrote:
I dug up a little info for this reply to someone... Can anyone provide some more input on the problems with MD5
Not sure if this is what you are refering to, but .... I have seen several online databases that have it so you can enter a MD5 hash in the search field, and within a second or two you get the original text. Some of the databases are not perfect (as in incomplete, but never wrong), but they have produced amazing results when I throw in MD5 hashes from password files and the such. Do a search on google for "MD5 cracker" and notice the online database ones. Keep in mind all these things are not brute forcing, but instead are just searching through a massive database of precompiled hash & plain text results. |
|
| |
RE: Just how secure is MD5?
by Decius at 8:21 am EST, Feb 28, 2008 |
unmanaged wrote: If you want some more in-depth reading jump on over here... MD5 To Be Considered Harmful Someday:
From Dan Kaminsky, a senior Senior Security Consultant for Avaya, and a part of the DoxPara Research team... http://www.doxpara.com/md5_someday.pdf
http://www.doxpara.com/research/md5/...ful-slides.pdf
http://www.doxpara.com/research/md5/confoo.pl Stach & Liu have some well document information on MD4/5 Collisions...
http://www.stachliu.com.nyud.net:809...ollisions.html We live in a world that has to much "security via obscurity" or a "don't ask don't" tell policy on security problems... Even back in 2005 MS and Big Bill's Boys banned the use of DES/MD4/MD5 on their projects, but even SHA1 and other systems they have chosen are still looking to be prone to attack.
I dug up a little info for this reply to someone... Can anyone provide some more input on the problems with MD5
You've pretty much covered it. Although rainbow tables of the sort Freakn describes can be created (and have) for simple values hashed with any hash, MD5 in particular was shown to have a flawn which made it easier to find two values which would hash to the same result. This problem was enough for people to being moving away from it's use, and there is now an NIST effort to come up with new hash algorithms as SHA-1 has also been attacked. The current best practice is to use SHA-512, but this is shacky ground presently. |
|
|
|
