Re: MD5 for password hashes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Richard Megginson wrote:
Del wrote:

Rich Megginson wrote:

We hope to have another binary release by the end of the week. We've just got a couple of bug fixes to go.



Hi Rich,

<prod>!

http://directory.fedora.redhat.com/wiki/Download has pointers to new
releases (Fedora Directory Server 1.0) but the links all give me 404's.

So are we getting closer to that binary release?


Closer . . .

You do realize that MD5 has been _fully_ broken now, don't you? And I'm not talking about dictionary attacks; I'm talking about a fast mathematical attack vector on the algorithm itself.


An interesting demonstration here:

http://www.doxpara.com/?q=node&from=10


Collision generators here:

http://www.stachliu.com/collisions.html

The new and improved collision generator:

http://www.stachliu.com/md5coll.c

"Old (Wang, et al.) average run time on IBM P690 supercomputer - 1 hour"
	- out of reach for most people

"New average run time on P4 1.6ghz PC - 45 minutes"
	- within reach for nearly everyone


Now, storing md5 doesn't seem much safer than storing crypt.

--
mike

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users

[Index of Archives]     [Fedora Directory Users]     [Fedora Directory Devel]     [Fedora Announce]     [Fedora Legacy Announce]     [Kernel]     [Fedora Legacy]     [Share Photos]     [Fedora Desktop]     [PAM]     [Red Hat Watch]     [Red Hat Development]     [Big List of Linux Books]     [Gimp]     [Yosemite News]

  Powered by Linux