Wim Bertels <wim(dot)bertels(at)khleuven(dot)be> writes:
> the sourcecode of a md5 collision generator has been released,
> it takes about 45 minutes to generate.
> ..so to an "eve" with this knowledge md5 is almost the same as plain text..
Really?
The fact that you can construct pairs of strings with matching md5
hashes does not mean that you can find a string with the same md5 hash
as a given string.
The existence of this algorithm is disturbing, since it implies that MD5
is weaker than people thought, but it IS NOT a useful password cracker,
and there's no reason for immediate panic.
regards, tom lane