Richard Megginson wrote:
Del wrote:
Rich Megginson wrote:
We hope to have another binary release by the end of the week. We've
just got a couple of bug fixes to go.
Hi Rich,
<prod>!
http://directory.fedora.redhat.com/wiki/Download has pointers to new
releases (Fedora Directory Server 1.0) but the links all give me 404's.
So are we getting closer to that binary release?
Closer . . .
You do realize that MD5 has been _fully_ broken now, don't you? And I'm
not talking about dictionary attacks; I'm talking about a fast
mathematical attack vector on the algorithm itself.
An interesting demonstration here:
http://www.doxpara.com/?q=node&from=10
Collision generators here:
http://www.stachliu.com/collisions.html
The new and improved collision generator:
http://www.stachliu.com/md5coll.c
"Old (Wang, et al.) average run time on IBM P690 supercomputer - 1 hour"
- out of reach for most people
"New average run time on P4 1.6ghz PC - 45 minutes"
- within reach for nearly everyone
Now, storing md5 doesn't seem much safer than storing crypt.
--
mike
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
