On Wed, 2005-11-16 at 18:31 +0100, Wim Bertels wrote: > On Wed, 2005-11-16 at 10:29 -0500, Tom Lane wrote: > > Wim Bertels <wim.bertels@xxxxxxxxxxx> writes: > > > the sourcecode of a md5 collision generator has been released, > > > it takes about 45 minutes to generate. > > > ..so to an "eve" with this knowledge md5 is almost the same as plain text.. > > > > Really? > > > > The fact that you can construct pairs of strings with matching md5 > > hashes does not mean that you can find a string with the same md5 hash > > as a given string. > > > > The existence of this algorithm is disturbing, since it implies that MD5 > > is weaker than people thought, but it IS NOT a useful password cracker, > > and there's no reason for immediate panic. > > agreed, the given "picture" was too simple looked around a bit, didn't know it was so easy: http://www.antsight.com/zsl/rainbowcrack/#Rainbow%20Table http://www.antsight.com/zsl/rainbowcrack/demo_rainbowcrack_cfg_md5_loweralpha-numeric,1-8.txt plaintext of a1668f5f1ca8bb7214be760580a17dba is cf4sl1q5 .. > > > > > regards, tom lane ---------------------------(end of broadcast)--------------------------- TIP 2: Don't 'kill -9' the postmaster
