[Openswan Users] MD5 cracked

Alvaro Reguly alvaro_reguly at adplabs.com.br
Thu Aug 19 00:22:22 CEST 2004

I think you're right. Nobody thought that there's just 2^128 distinct 
things to hash, right? So, there *must* be collisions. Now, if given a 
hash (say an entry in /etc/passwd) you could find which text(s) 
generated it, then I'd be worried.


Carl Wilhelm Soderstrom wrote:

>On 08/19 01:29 , Jacco de Leeuw wrote:
>>I understand that MD5 has been cracked. Collisions have been found
>>which does not make MD5 suitable for general use anymore.
>>More info at: http://www.rtfm.com/movabletype/
>By the sound of it, it hasn't been 'cracked' the way MD4 has been (i.e. a
>simpler-than-brute-force attack has been found). It's just that some people
>claim to have a way to find collisions in the hashes; which is still a long
>way from being able to generate arbitrary traffic and insert it into a
>stream, or read an encrypted connection in a reasonable amount of time.
>Correct me if I'm wrong, please.
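
The distinction drawn in this thread, between finding any two inputs that collide and finding an input for one given hash, can be measured on a shortened hash. This is an added example, not code from the posters: it truncates MD5 to a few bits and uses generic search only (not the 2004 collision technique); the truncation width, message names and the "constructed-secret" target are assumptions made for the illustration.

```python
import hashlib
from itertools import count

def tmd5(msg: bytes, bits: int) -> int:
    """MD5 truncated to its top `bits` bits (toy stand-in for the full 128)."""
    return int.from_bytes(hashlib.md5(msg).digest(), "big") >> (128 - bits)

def find_collision(bits: int):
    """Birthday search: ANY two distinct messages with the same truncated hash.
    Pigeonhole guarantees success within 2**bits + 1 tries; the expected
    cost is only on the order of 2**(bits/2)."""
    seen = {}
    for tries in count(1):
        msg = b"msg-%d" % tries          # constructed sample messages
        h = tmd5(msg, bits)
        if h in seen:
            return seen[h], msg, tries
        seen[h] = msg

def find_preimage(target: int, bits: int):
    """Brute force: a message matching ONE GIVEN truncated hash value.
    The expected cost is on the order of 2**bits tries."""
    for tries in count(1):
        msg = b"guess-%d" % tries        # constructed candidate inputs
        if tmd5(msg, bits) == target:
            return msg, tries

if __name__ == "__main__":
    bits = 20
    a, b, c_tries = find_collision(bits)
    target = tmd5(b"constructed-secret", bits)   # the "given hash" case
    m, p_tries = find_preimage(target, bits)
    print(f"{bits}-bit collision after {c_tries} tries: {a!r} / {b!r}")
    print(f"{bits}-bit preimage  after {p_tries} tries: {m!r}")
```

At the full 128 bits the same generic searches cost roughly 2^64 and 2^128 operations respectively, which is the gap between the two scenarios discussed above.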

