Re: Lost password + MD5 ? — PHP Programming Language

You are here: Re: Lost password + MD5 ? « PHP Programming Language « IT news, forums, messages

Posted by Erwin Moller on 09/05/05 11:25

Andy Hassall wrote:

<snip>

>>So: effectively MD5 is broken. Do not use it.
>
> OK, so the MD5 collision attack is based on already having plaintext A
> and
> hash M, and being able to produce a different plaintext B that has the
> same hash M.

No,

The MD5-attack is based on having ONLY the md5-hash.
If you had StringA already, you were ready already with the 'cracking',
since StingA contains the original password. :-)

The point is that giving a certain MD5-Hash, you can come up with some
String as input that produces the same MD5-hash.

An example:
You password is 'verySecret'
md5('verySecret') -> asgfjhasgfjhgsadfj

Some Bad Guy ONLY gets hold of the md5-hash (asgfjhasgfjhgsadfj).
Based on this String (s)he can produce another string that also produces
asgfjhasgfjhgsadfj.
for example:
md5Cracker('asgfjhasgfjhgsadfj ') -> 'hhgttg'

md5('hhgttg') -> asgfjhasgfjhgsadfj

Regards,
Erwin Moller

Navigation:

Next in forum: Re: Lost password + MD5 ?
Prev in forum: Re: Lost password + MD5 ?
Thread view: Re: Lost password + MD5 ?

[Reply to this message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация