MD5 for passwords

From: Ivan Voras <ivoras@xxxxxxxxxx>
Date: Mon, 30 Oct 2006 23:27:14 +0100

In light of (fairly recent) attacks on MD5, is it still safe enough to
use in password hashing, for example in unix-passwd-like salted password
hashes?

Related to this, how do attacks vary with the length of hashed string
(pre-image)? I'd guess that longer documents more vulnerable, but is it
true?
.

Follow-Ups:
- Re: MD5 for passwords
  - From: Joseph Ashwood
- Re: MD5 for passwords
  - From: Unruh
- Re: MD5 for passwords
  - From: David Wagner

Prev by Date: Re: What does the MAC in IES or ECIES achieve ?
Next by Date: Re: Notice: My 2nd crypto book finished :-)
Previous by thread: What does the MAC in IES or ECIES achieve ?
Next by thread: Re: MD5 for passwords
Index(es):
- Date
- Thread

Relevant Pages

Re: MD5 for passwords
... how do attacks vary with the length of hashed string ... The password hash is NOT MD5, just as the old Unix crypt 3 is not des. ... MD5 password hashing system out there? ...
(sci.crypt)
Re: Rainbow Tables
... http://lasecwww.epfl.ch/~oechslin/projects/ophcrack/ (LM hashes) ... Hackers are concentrating their efforts on attacking applications on your ... Up to 75% of cyber attacks are launched on shopping carts, forms, ... Audit your website security with Acunetix Web Vulnerability Scanner: ...
(Pen-Test)
Re: Strong Passwords & Password Cracking (Final Version?)
... >> increase the number of attacks they're attempting by a similar amount. ... The old DES hashes have 2^56 possibilities. ... The white hats are able to put ... > black-hats we would not have these problems. ...
(comp.security.misc)
cryptostuff tutorial update - Key Derivation
... common algorithms, ECB abd CBC modes, padding, ... applications, attacks. ... Hashes: common algorithms. ...
(sci.crypt)