SecurityFocus

MD5 To Be Considered Harmful Someday Dec 06 2004 11:29PM
Dan Kaminsky (dan doxpara com) (3 replies)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 01:46AM
Joel Maslak (jmaslak antelope net) (2 replies)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 09:19PM
Jack Lloyd (lloyd randombit net)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 08:43PM
Jack Lloyd (lloyd randombit net)

MD5 To Be Considered Harmful Today Dec 08 2004 01:39AM
Pavel Machek (pavel ucw cz) (1 replies)

Re: MD5 To Be Considered Harmful Today Dec 08 2004 10:23PM
Dan Kaminsky (dan doxpara com) (1 replies)

Re: MD5 To Be Considered Harmful Today Dec 08 2004 10:40PM
Pavel Machek (pavel ucw cz) (1 replies)

Re: MD5 To Be Considered Harmful Today Dec 08 2004 10:36PM
Dan Kaminsky (dan doxpara com)

Re: MD5 To Be Considered Harmful Someday Dec 07 2004 10:54PM
Gandalf The White (gandalf digital net) (4 replies)

RE: MD5 To Be Considered Harmful Someday Dec 08 2004 04:01AM
David Schwartz (davids webmaster com) (2 replies)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 09:30PM
George Georgalis (george galis org) (1 replies)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 09:44PM
Dan Kaminsky (dan doxpara com)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 04:36AM
Gandalf The White (gandalf digital net) (3 replies)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 09:44PM
Keith Oxenrider (koxenrider sol-biotech com)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 09:17PM
Solar Designer (solar openwall com) (1 replies)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 10:03PM
Dan Kaminsky (dan doxpara com) (2 replies)

Re: MD5 To Be Considered Harmful Someday Dec 11 2004 07:26PM
Solar Designer (solar openwall com)

Re: MD5 To Be Considered Harmful Someday Dec 09 2004 01:47AM
Pavel Kankovsky (peak argo troja mff cuni cz)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 08:48PM
Paul Wouters (paul xtdnet nl) (2 replies)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 11:23PM
Adam Shostack (adam homeport org)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 08:52PM
Dan Kaminsky (dan doxpara com) (1 replies)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 09:05PM
Paul Wouters (paul xtdnet nl)

On Wed, 8 Dec 2004, Dan Kaminsky wrote:

>> Can't we just truncate the password to 8 characters like in the old days
>> before doing the MD5 hash? It will greatly reduce the chance of a
>> collision.
>> In fact, I am not even sure my systems don't do this already.
>>
> Actually, this greatly increases the chance of a collision. 123456789 will
> collide with 123456780.

I was talking about limiting the input, not the output. I assumed it would
be more difficult to find a collision when there are less degrees of freedom
in the input.

What I realised after my mail though, is that it is probably pretty easy to
prebuild a dictionary of all 8 character combinations and their MD5 sums.

Paul

[ reply ]

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 01:51AM
Joel Maslak (jmaslak antelope net) (1 replies)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 07:22PM
Steve Friedl (steve unixwiz net)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 12:13AM
Tim (tim-security sentinelchicken org) (2 replies)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 09:35PM
Dragos Ruiu (dr kyx net)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 06:52PM
David F. Skoll (dfs roaringpenguin com)

Re: MD5 To Be Considered Harmful Someday Dec 05 2004 11:04PM
Ruth A. Kramer (rhkramer fast net)