Richard Megginson wrote: > Del wrote: > >> Rich Megginson wrote: >> >>> We hope to have another binary release by the end of the week. We've >>> just got a couple of bug fixes to go. >> >> >> >> Hi Rich, >> >> <prod>! >> >> http://directory.fedora.redhat.com/wiki/Download has pointers to new >> releases (Fedora Directory Server 1.0) but the links all give me 404's. >> >> So are we getting closer to that binary release? > > > Closer . . . You do realize that MD5 has been _fully_ broken now, don't you? And I'm not talking about dictionary attacks; I'm talking about a fast mathematical attack vector on the algorithm itself. An interesting demonstration here: http://www.doxpara.com/?q=node&from=10 Collision generators here: http://www.stachliu.com/collisions.html The new and improved collision generator: http://www.stachliu.com/md5coll.c "Old (Wang, et al.) average run time on IBM P690 supercomputer - 1 hour" - out of reach for most people "New average run time on P4 1.6ghz PC - 45 minutes" - within reach for nearly everyone Now, storing md5 doesn't seem much safer than storing crypt. -- mike
