[Openswan Users] MD5 cracked
alvaro_reguly at adplabs.com.br
Thu Aug 19 00:22:22 CEST 2004
I think you're right. Nobody thought that there's just 2^128 distinct
things to hash right? So, there *must* be colisions. Now, if given a
hash (say an entry in /etc/passwd) you could find which text(s)
generated it, then I'd be worried.
Carl Wilhelm Soderstrom wrote:
>On 08/19 01:29 , Jacco de Leeuw wrote:
>>I understand that MD5 has been cracked. Collisions have been found
>>which does not make MD5 suitable for general use anymore.
>>More info at: http://www.rtfm.com/movabletype/
>by the sound of it, it hasn't been 'cracked' the way MD4 has been (i.e. a
>simpler-than-brute-force attack has been found). it's just that some people
>claim to have a way to find collisions in the hashes; which is still a long
>way from being able to generate arbitrary traffic and insert it into a
>stream, or read an encrypted connection in a reasonable amount of time.
>Correct me if I'm wrong, please.
More information about the Users