Re: My my, how time flies ...... it's been about "1 hour" -- anyone cracked CryptoSMS yet?
Date: Sun, 28 Aug 2005 10:29:35 +1000
Joe Peschel wrote:
> Crypto@S.M.S wrote in news:firstname.lastname@example.org:
>>Joe Peschel wrote:
>>>>>No I'm saying that no one said he could crack it "within the hour"
>>>>>as Crypto@S.M.S. suggested.
>>>>Certainly. Assuming a common passphrase length of around 20
>>>>characters, and assuming it is English, this will have 20-30 bits of
>>>>entropy, MD5 will be enough to uniquely identify each of these, and
>>>>MD5 can be effectively reversed under these circumstances in under 1
>>>>hour. This will yield the entire original passphrase, leading
>>>>immediately to a complete compromise. So 1 hour.
>>>If, you look closely, Jonez, you will see that in the material you
>>>cited above, Joe Ashwood did not say he could crack it "within the
>>>hour," even though Crypto@S.M.S., by his placing of quotation marks,
>>>pretended Ashwood said it.
>>In that case, what does he mean by "complete compromise"?
> You'd have to ask Ashwood. But I'd said he meant exactly what he wrote.
> My objection was to your inaccurate direct quoting of Ashwood. If you're
> going to use a direct quote, you better be sure he said exactly what you
You are one who placed quotation marks. See above.
I posted the text of his claim that he can reverse MD5,
and I will do it again:
"...MD5 will be enough to uniquely identify each of these,and MD5 can
be effectively reversed under these circumstances in under 1 hour."
In a completely different article, he changes his position, referring to
how "my break" does not even use collisions:
" My break didn't even actually use the MD5 attacks, instead it was
based on generating and hashing each of the 2^47 different possible
values until one collides."