| From: | Wim Bertels <wim(dot)bertels(at)yucom(dot)be> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | pgsql-admin(at)postgresql(dot)org |
| Subject: | Re: md5 collision generator |
| Date: | 2005-11-16 17:53:28 |
| Message-ID: | 1132163609.9204.21.camel@localhost.localdomain |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
On Wed, 2005-11-16 at 18:31 +0100, Wim Bertels wrote:
> On Wed, 2005-11-16 at 10:29 -0500, Tom Lane wrote:
> > Wim Bertels <wim(dot)bertels(at)khleuven(dot)be> writes:
> > > the sourcecode of a md5 collision generator has been released,
> > > it takes about 45 minutes to generate.
> > > ..so to an "eve" with this knowledge md5 is almost the same as plain text..
> >
> > Really?
> >
> > The fact that you can construct pairs of strings with matching md5
> > hashes does not mean that you can find a string with the same md5 hash
> > as a given string.
> >
> > The existence of this algorithm is disturbing, since it implies that MD5
> > is weaker than people thought, but it IS NOT a useful password cracker,
> > and there's no reason for immediate panic.
>
> agreed, the given "picture" was too simple
looked around a bit,
didn't know it was so easy:
http://www.antsight.com/zsl/rainbowcrack/#Rainbow%20Table
http://www.antsight.com/zsl/rainbowcrack/demo_rainbowcrack_cfg_md5_loweralpha-numeric,1-8.txt
plaintext of a1668f5f1ca8bb7214be760580a17dba is cf4sl1q5 ..
>
> >
> > regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Kevin Grittner | 2005-11-16 18:11:21 | Re: ERROR: could not read block |
| Previous Message | Matthew D. Fuller | 2005-11-16 17:43:10 | Re: md5 collision generator |