Re: Insecure Hash Algorithms (MD5) and NTLMv2
From: Daniel Miessler (daniel_at_dmiessler.com)
Date: 11/02/05
- Previous message: coryrc: "Re: Sniffing on a switch"
- In reply to: Thierry Zoller: "Re: Insecure Hash Algorithms (MD5) and NTLMv2"
- Next in thread: Steve Friedl: "Re: Insecure Hash Algorithms (MD5) and NTLMv2"
- Reply: Steve Friedl: "Re: Insecure Hash Algorithms (MD5) and NTLMv2"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 2 Nov 2005 00:43:13 -0500 To: Thierry Zoller <Thierry@Sniff-em.com>
On Nov 1, 2005, at 6:46 AM, Thierry Zoller wrote:
> DM> Just because MD5 has become "relatively" weak in recent months
> DM> doesn't mean that it's trivial to create/find collisions using it.
>
> http://www.doxpara.com/t1.html
> http://www.doxpara.com/t2.html
Hmm, yes, there are plenty of examples like the ones you've
highlighted, but they all have something in common -- the input AND
the output are known (chosen plaintext?)
That's the issue here when trying to crack password hashes is trying
to find the input to the algorithm. Now, I'm not following this scene
much, but unless you can easily create random strings that hash to a
given MD5 output (when you don't know what the original input was),
then we haven't gained much in terms of breaking NTLMv2 hashes in my
view.
Am I missing something here?
-- Daniel R. Miessler M: daniel@dmiessler.com W: http://dmiessler.com G: 0x316BC712
- application/pgp-signature attachment: This is a digitally signed message part
- Previous message: coryrc: "Re: Sniffing on a switch"
- In reply to: Thierry Zoller: "Re: Insecure Hash Algorithms (MD5) and NTLMv2"
- Next in thread: Steve Friedl: "Re: Insecure Hash Algorithms (MD5) and NTLMv2"
- Reply: Steve Friedl: "Re: Insecure Hash Algorithms (MD5) and NTLMv2"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
