Re: Can anyone break MD5 scheme?

From: flur (flur@flurnet.org)
Date: 12/01/02

  • Next message: Chris S: "Re: Question on Blocking an ISP." 
    Date: Sat, 30 Nov 2002 19:13:30 -0500
To: security-basics@securityfocus.com
From: flur <flur@flurnet.org>

    Perhaps a less controversial solution to get your linux box online would be
    to designate an older machine running MS Windows as a router... There is
    lots of software that will do this for you (ie Sygate, WinRoute, etc). With
    few access list rules you can make the router quite transparent, and it can
    serve as your first line of defense.

    As for MD5, to the best of my knowledge, brute force is the only way to
    'crack' it... however I have heard rumors that some implementations are
    weaker then others.

    At 06:03 AM 11/28/2002 +0800, you wrote:
    >I paid a high monthly fee for my PPPOE connection. The damned ISP offered
    >only the client for M$ Windows. According to the packet dump, they use
    >CHAP for authorization and the CHAP challenge said it used MD5. But when
    >rp-pppoe MD5s the string of Identifier+Secret+Challenge Value, the
    >concentrator said the response is wrong.
    >
    >Apparently the ISP-offered client is not going with the RFC 1994 standard
    >for CHAP and obviously I cannot get their source code by social engineering.
    >
    >/Is there a way to break the MD5? Or anyway around ? /I need to know my
    >ISP's digest scheme to get my Linux box online. I lived in a
    >higly-sensored country and who knows what the offered client will do
    >behind my back? Thanks in advance for my safety (not privay).
    >
    >__________________________________________________
    >Do You Yahoo!?
    >Everything you'll ever need on one web page
    >from News and Sport to Email and Music Charts
    >http://uk.my.yahoo.com

    ____________________ __ _
    ~FluRDoInG flur@flurnet.org
                                 http://www.flurnet.org
    KEY ID 0x8C2C37C4 (pgp.mit.edu) RSA-CAST 2048/2048
    1876 B762 F909 91EB 0C02 C06B 83FF E6C5 8C2C 37C4

    Relevant Pages

    • Re: Can anyone break MD5 scheme?
      ... Perhaps a less controversial solution to get your linux box online would be ... to designate an older machine running MS Windows as a router... ...
      (Security-Basics)
    • Suse 9.3 networking problem.
      ... I am a newbie to the Linux world, well, relatively anyway. ... Windows XP i decided to jump in the deepend and dedicate my laptop to ... boxes joined together by a Netgear MR814 router running a DHCP server. ...
      (alt.os.linux.suse)
    • Re: DNS trouble - last hope
      ... to see what DNSes your using with windows. ... /etc/resolv.conf file and change it to use the same DNSes. ... > through the messages on Usenet on my linux PC is now a sorrowful ordeal ... > we both have an ADSL connection, shared through a router. ...
      (comp.os.linux.networking)
    • Re: DNS trouble - last hope
      ... to see what DNSes your using with windows. ... /etc/resolv.conf file and change it to use the same DNSes. ... > through the messages on Usenet on my linux PC is now a sorrowful ordeal ... > we both have an ADSL connection, shared through a router. ...
      (comp.os.linux.misc)
    • Re: Linux is Doomed to Fail As a Desktop Operating System.
      ... > relevence of Linux in the community. ... > A simple example is online travel reservation systems that are used my ... > It is all Windows based. ... > USB devices that come with software that only works with Windows. ...
      (alt.os.linux)