Skip site navigation (1) Skip section navigation (2)

Re: md5 collision generator

From: Wim Bertels <wim(dot)bertels(at)yucom(dot)be>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: pgsql-admin(at)postgresql(dot)org
Subject: Re: md5 collision generator
Date: 2005-11-16 17:53:28
Message-ID: 1132163609.9204.21.camel@localhost.localdomain (view raw or flat)
Thread:
Lists: pgsql-admin
On Wed, 2005-11-16 at 18:31 +0100, Wim Bertels wrote:
> On Wed, 2005-11-16 at 10:29 -0500, Tom Lane wrote:
> > Wim Bertels <wim(dot)bertels(at)khleuven(dot)be> writes:
> > > the sourcecode of a md5 collision generator has been released,
> > > it takes about 45 minutes to generate.
> > > ..so to an "eve" with this knowledge md5 is almost the same as plain text..
> > 
> > Really?
> > 
> > The fact that you can construct pairs of strings with matching md5
> > hashes does not mean that you can find a string with the same md5 hash
> > as a given string.
> > 
> > The existence of this algorithm is disturbing, since it implies that MD5
> > is weaker than people thought, but it IS NOT a useful password cracker,
> > and there's no reason for immediate panic.
> 
> agreed, the given "picture" was too simple

looked around a bit, 
didn't know it was so easy:
http://www.antsight.com/zsl/rainbowcrack/#Rainbow%20Table
http://www.antsight.com/zsl/rainbowcrack/demo_rainbowcrack_cfg_md5_loweralpha-numeric,1-8.txt
plaintext of a1668f5f1ca8bb7214be760580a17dba is cf4sl1q5 ..

> 
> > 
> > 			regards, tom lane


In response to

pgsql-admin by date

Next:From: Kevin GrittnerDate: 2005-11-16 18:11:21
Subject: Re: ERROR: could not read block
Previous:From: Matthew D. FullerDate: 2005-11-16 17:43:10
Subject: Re: md5 collision generator

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group