SecurityFocus

MD5 To Be Considered Harmful Someday Dec 06 2004 11:29PM
Dan Kaminsky (dan doxpara com) (3 replies)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 01:46AM
Joel Maslak (jmaslak antelope net) (2 replies)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 09:19PM
Jack Lloyd (lloyd randombit net)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 08:43PM
Jack Lloyd (lloyd randombit net)

MD5 To Be Considered Harmful Today Dec 08 2004 01:39AM
Pavel Machek (pavel ucw cz) (1 replies)

Re: MD5 To Be Considered Harmful Today Dec 08 2004 10:23PM
Dan Kaminsky (dan doxpara com) (1 replies)

Re: MD5 To Be Considered Harmful Today Dec 08 2004 10:40PM
Pavel Machek (pavel ucw cz) (1 replies)

Re: MD5 To Be Considered Harmful Today Dec 08 2004 10:36PM
Dan Kaminsky (dan doxpara com)

Re: MD5 To Be Considered Harmful Someday Dec 07 2004 10:54PM
Gandalf The White (gandalf digital net) (4 replies)

RE: MD5 To Be Considered Harmful Someday Dec 08 2004 04:01AM
David Schwartz (davids webmaster com) (2 replies)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 09:30PM
George Georgalis (george galis org) (1 replies)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 09:44PM
Dan Kaminsky (dan doxpara com)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 04:36AM
Gandalf The White (gandalf digital net) (3 replies)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 09:44PM
Keith Oxenrider (koxenrider sol-biotech com)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 09:17PM
Solar Designer (solar openwall com) (1 replies)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 10:03PM
Dan Kaminsky (dan doxpara com) (2 replies)

Re: MD5 To Be Considered Harmful Someday Dec 11 2004 07:26PM
Solar Designer (solar openwall com)

Re: MD5 To Be Considered Harmful Someday Dec 09 2004 01:47AM
Pavel Kankovsky (peak argo troja mff cuni cz)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 08:48PM
Paul Wouters (paul xtdnet nl) (2 replies)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 11:23PM
Adam Shostack (adam homeport org)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 08:52PM
Dan Kaminsky (dan doxpara com) (1 replies)

Paul Wouters wrote:

> On Tue, 7 Dec 2004, Gandalf The White wrote:
>
>> What I am worried about is the integrity of MD5 hashed passwords. This
>
>
>> It does not matter that I don't know the correct password, I have a
>> password
>> that collides into the correct hash. I can log into the system with my
>> generated password.
>
>
> Can't we just truncate the password to 8 characters like in the old days
> before doing the MD5 hash? It will greatly reduce the chance of a
> collision.
> In fact, I am not even sure my systems don't do this already.
>
Actually, this greatly increases the chance of a collision. 123456789
will collide with 123456780.

It is unlikely we'll find any ASCII readable payload that collide
through Wang's search technique.

--Dan

[ reply ]

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 09:05PM
Paul Wouters (paul xtdnet nl)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 01:51AM
Joel Maslak (jmaslak antelope net) (1 replies)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 07:22PM
Steve Friedl (steve unixwiz net)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 12:13AM
Tim (tim-security sentinelchicken org) (2 replies)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 09:35PM
Dragos Ruiu (dr kyx net)

Re: MD5 To Be Considered Harmful Someday Dec 08 2004 06:52PM
David F. Skoll (dfs roaringpenguin com)

Re: MD5 To Be Considered Harmful Someday Dec 05 2004 11:04PM
Ruth A. Kramer (rhkramer fast net)