Skip site navigation (1) Skip section navigation (2)

Re: md5 collision generator

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Wim Bertels <wim(dot)bertels(at)khleuven(dot)be>
Cc: pgsql-admin(at)postgresql(dot)org
Subject: Re: md5 collision generator
Date: 2005-11-16 15:29:09
Message-ID: 5967.1132154949@sss.pgh.pa.us (view raw or flat)
Thread:
Lists: pgsql-admin
Wim Bertels <wim(dot)bertels(at)khleuven(dot)be> writes:
> the sourcecode of a md5 collision generator has been released,
> it takes about 45 minutes to generate.
> ..so to an "eve" with this knowledge md5 is almost the same as plain text..

Really?

The fact that you can construct pairs of strings with matching md5
hashes does not mean that you can find a string with the same md5 hash
as a given string.

The existence of this algorithm is disturbing, since it implies that MD5
is weaker than people thought, but it IS NOT a useful password cracker,
and there's no reason for immediate panic.

			regards, tom lane

In response to

Responses

pgsql-admin by date

Next:From: Kevin GrittnerDate: 2005-11-16 15:38:40
Subject: Re: ERROR: could not read block
Previous:From: Wim BertelsDate: 2005-11-16 13:25:44
Subject: md5 collision generator

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group