Re: [Friendly Attack Request] How fast can someone crack MD5?
worsel_at_c112927lin.svinfra.compuware.com
Date: 06/08/04
- Next message: Jem Berkes: "Re: [Friendly Attack Request] How fast can someone crack MD5?"
- Previous message: Mike: "Re: [Friendly Attack Request] How fast can someone crack MD5?"
- In reply to: Lew Pitcher: "Re: [Friendly Attack Request] How fast can someone crack MD5?"
- Next in thread: Jem Berkes: "Re: [Friendly Attack Request] How fast can someone crack MD5?"
- Reply: Jem Berkes: "Re: [Friendly Attack Request] How fast can someone crack MD5?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 8 Jun 2004 14:01:39 -0400
>> How effective is MD5 in practice?
>> This is an invitation for a friendly attack to get a sample
>> of how fast an MD5 of a casual passphrase can be cracked. ...
> You /do/ realize that an MD5 value is *not* an encryption of data, but a
> 'checksum' (a 'Message Digest', in fact), don't you?
I understand that MD5 is a 128 bit message digest with a strength
of ~125(?) bits. Consequently, there are ~10^38 distinct values.
> This means that there's no way to reverse an MD5 value into the
> plaintext that was used to generate it, for the same reasons that you
> will never be able to reverse the value 35 into a well known passage
> from the Old Testament of the Bible.
>> The passphrase is a proper single sentence of 20 to 25 words, ...
>> only printable characters ... linefeed, no mispellings, ...
If used randomly, an ordinary vocabulary of 2000 words would produce
~10^76 distinct values for a strength of ~252 bits.
In practice, a proper single sentence has much less latitude, but is
far easier to remember without writing down. Attacks take advantage
of these predictabilities. I believe the rule of thumb without
proper nouns or numbers is ~4 bits/word which implies a strength of
~100 bits, comparable to MD5.
The object of the exercise is to find out whether the strength of
such easy-to-remember sentences are in fact comparable to MD5's limits
or if there is an unknown (to me) vulnerability in their use.
Thank you,
--
- Next message: Jem Berkes: "Re: [Friendly Attack Request] How fast can someone crack MD5?"
- Previous message: Mike: "Re: [Friendly Attack Request] How fast can someone crack MD5?"
- In reply to: Lew Pitcher: "Re: [Friendly Attack Request] How fast can someone crack MD5?"
- Next in thread: Jem Berkes: "Re: [Friendly Attack Request] How fast can someone crack MD5?"
- Reply: Jem Berkes: "Re: [Friendly Attack Request] How fast can someone crack MD5?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
