Re: md5

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Still.. that has nothing to do with how well known MD5 is (so I stand by my point).    All these databases are is a giant list of pre-MD5'd strings.  Brute force stuff, no magic behind it that allows for reversing MD5. You could technically do that with just about any crypto or hashing system.  Just happens that MD5 is one that's been focused on and more complicated systems would require exponentially more variables in what you'd have to enter.   For instance, you could do this with PGP, but I'm guessing you'd have to have at least two pass phrases and how many things go into generating the public and private keys, plus the message/file that was encrypted.  So for one short text string, you could possibly have a database as large as all the MD5 projects put together... but you could potentially do the same thing.   At that point it's highly prohibitive though.

I got the idea that MD5 really wasn't what he was looking for anyway, so going into detail about the security of it didn't seem fruitful.  I talk too much as it is. hah

This is a good point though.  MD5 isn't great security, particuarly with the databases like the one you mentioned, but most of us aren't storing national security documents.   As with security since the dawn of time, it's all a matter of how valuable is what you're protecting versus the cost of implementing a protection scheme.   7-11 doesn't hire secret service to protect against midnight robberies.

-TG



= = = Original message = = =

tg-php@xxxxxxxxxxxxxxxxxxxxxx wrote:
> So the fact that MD5 is a well known algorithm doesn't really make a difference 
> as far as security goes.
  
Except for the fact of the growing number of databases that will map the 
hashes back to the clear text (for example: http://md5.benramsey.com/)
Of course it is nice because it is a common implementation, and can be 
done on the server side, as well as the client side.




___________________________________________________________
Sent by ePrompter, the premier email notification software.
Free download at http://www.ePrompter.com.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux