Re: MD5 for passwords

From: Unruh <unruh-spam@xxxxxxxxxxxxxx>
Date: 31 Oct 2006 07:21:09 GMT

Ivan Voras <ivoras@xxxxxxxxxx> writes:

In light of (fairly recent) attacks on MD5, is it still safe enough to
use in password hashing, for example in unix-passwd-like salted password
hashes?

The Unix password hashes that use md5 do not use raw md5 they use a n
extremely convoluted series of operations including multiple uses of md5.
The best attack is still a dictionary search.

Related to this, how do attacks vary with the length of hashed string
(pre-image)? I'd guess that longer documents more vulnerable, but is it
true?

They don't. there are an infinity of strings which hash to that same value.
Most have more than 128 bits.
If your string is less than 128 bits, then exhaustive search is still the
best bet.

.

References:
- MD5 for passwords
  - From: Ivan Voras

Prev by Date: Re: Notice: My 2nd crypto book finished :-)
Next by Date: Re: Notice: My 2nd crypto book finished :-)
Previous by thread: Re: MD5 for passwords
Next by thread: Re: MD5 for passwords
Index(es):
- Date
- Thread

Relevant Pages

Re: MD5
... > In PHP there is MD5 function it converts strings to MD5 encription, ... MD5 is not ment as an encryption to be decrypted, but only as a signature. ... Message digest algorithms have much in common with techniques ...
(comp.lang.php)
Re: converting md5 to string
... features is the ability to compare hashes which are represented as strings. ... md5_digest with the string md5 read from a file as described above. ... I understand my assert statement was misleading, but the intention of the code was to demonstrate what I was trying to accomplish, not compile. ...
(comp.programming)
Re: reversing hash ?
... If Say I took password A and encrypted it with some sort of MD5 Hash, ... "9583442647", insted of generating strings of 10 bytes, generate two strings ... I've set up a delphi program that I guess does some Brute ...
(sci.crypt)
Re: converting md5 to string
... the ability to compare hashes which are represented as strings. ... If you notice I am using the openssl/md5.h implementation of computing an md5. ... md5_digest will contain the MD5 hash of the file. ...
(comp.programming)
Re: converting md5 to string
... features is the ability to compare hashes which are represented as strings. ... md5_digest with the string md5 read from a file as described above. ...
(comp.programming)