Re: md5 collision



julissa.leones@xxxxxxxxxxxx wrote:

> What encription algorithm should i use for replacing the md5 for
> hasing?I understand that it was release the source code of the
> application that could make md5 collision

The best alternative at present is SHA256. If you want
less than 256 bits of hash, compute SHA256 and truncate
the result.

Note that the ability to produce collision pairs for MD5
is *not* fatal for applications like (1) password hashing
or (2) confirming that downloaded software matches the
official distribution, since both these uses
depend on the difficulty of finding a pre-image
for a specific hash.

--
Peter Pearson
To get my email address, substitute:
nowhere -> spamcop, invalid -> net

.



Relevant Pages

  • Re: Best way to encrypt password in database.
    ... Yep, that's the traditional way to do it, hash the password every logon ... If you password hashes ... The fix is to add a salt to thwart the rainbow tables and a have the ... Oh and BTW, never use MD5 for anything security related, it is broken ...
    (comp.lang.php)
  • Re: Rand generator (MD5)
    ... My micro cannot handle anything more than 32 bits! ... YOu do not have MD5. ... It does not sound to me like your hash implimentation is very ... void byteReverse(unsigned char *buf, unsigned longs); ...
    (sci.crypt)
  • Re: Rand generator (MD5)
    ... My micro cannot handle anything more than 32 bits! ... YOu do not have MD5. ... It does not sound to me like your hash implimentation is very ... void byteReverse(unsigned char *buf, unsigned longs); ...
    (sci.crypt)
  • Re: Best way to encrypt password in database.
    ... Yep, that's the traditional way to do it, hash the password every logon ... If you password hashes ... MD5 is not broken. ... Any of these one way hashes still needs a salt combined with it. ...
    (comp.lang.php)
  • Re: Best way to encrypt password in database.
    ... session some kind of hash is used to validate the session. ... though are weak passwords and rainbow tables... ... If you password hashes ... MD5 is not broken. ...
    (comp.lang.php)