Posted by Andy Hassall on 09/04/05 22:23
On 4 Sep 2005 09:43:57 -0700, "R. Rajesh Jeba Anbiah"
<ng4rrjanbiah@rediffmail.com> wrote:
>Andy Hassall wrote:
>> This breaks MD5's use in verifying the contents/integrity of a file by
>> checking the data's MD5 hash (since you can now modify the contents and tweak
>> it to produce the same MD5 hash), but unless I'm missing something it doesn't
>> affect the usage in passwords; it doesn't help in deriving from scratch a
>> plaintext that produces a given MD5 hash?
>
> Collisions of hashes help brute-force attacks. For example, if the
>hash of a string of length 100 collides with the hash of a string of length 10,
>it makes the cracking easy.
But how does that make it any easier to find from scratch a plaintext that
produces a given MD5? The fact that there exist collisions in MD5 is obvious
due to the pigeonhole principle, but it doesn't cut down your search space in
any meaningful or predictable way?
Surely a different class of weakness is required to affect MD5's usage in
passwords, i.e. some property of the MD5 hash value allowing deduction of some
property of the possible plaintext values that could have produced it, reducing
the brute force search space - AFAIK no such weakness has yet been found.
The fact that most users' passwords are probably 5-7 characters, consisting of
characters [A-Za-z0-9], means that brute forcing the search space is not beyond
the realms of possibility with enough storage. That is still an issue, but it's
not a new one, and is partially addressed by salting.
--
Andy Hassall :: andy@andyh.co.uk :: http://www.andyh.co.uk
http://www.andyhsoftware.co.uk/space :: disk and FTP usage analysis tool
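An added illustration of the two points made in the post above, in Python; this is not code from the original thread. It shows (a) that a collision search on a hash is generically far cheaper than a preimage search, and that a found colliding pair is never consulted by the preimage search, so it does not shorten it; and (b) that a precomputed md5(password) -> password table inverts unsalted hashes in one lookup but is useless once a salt is mixed in, forcing a fresh brute force per salt. Assumptions not in the original: the collision/preimage searches run on MD5 truncated to 16 bits so they finish in milliseconds, the salted scheme is a plain salt||password construction chosen only for the demonstration, and the candidate sets, salt and target password are constructed here.

```python
import hashlib
import itertools
import string

# The password alphabet the post describes: [A-Za-z0-9], 62 symbols.
ALPHABET = string.ascii_letters + string.digits


def search_space(min_len: int, max_len: int, alphabet_size: int = len(ALPHABET)) -> int:
    """Number of candidate plaintexts of length min_len..max_len over the alphabet.
    A brute-force preimage search walks this set; known collisions do not shrink it."""
    return sum(alphabet_size ** k for k in range(min_len, max_len + 1))


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


# --- collision vs. preimage on an assumed 16-bit truncation of MD5 ---
# Truncation is only so that both searches finish instantly; the cost gap
# (roughly 2^(n/2) for a collision vs 2^n for a preimage) is the point.

def h16(data: bytes) -> int:
    return int.from_bytes(hashlib.md5(data).digest()[:2], "big")


def find_collision(max_tries: int = 1 << 17):
    """Birthday search: hash distinct inputs until two share an h16 value.
    Returns (input_a, input_b, tries); pigeonhole guarantees a hit within 2^16 + 1."""
    seen = {}
    for i in range(max_tries):
        data = b"c%d" % i
        h = h16(data)
        if h in seen:
            return seen[h], data, i + 1
        seen[h] = data
    return None


def find_preimage(target: int, max_tries: int = 1 << 20):
    """Brute force any input whose h16 equals target. Returns (input, tries) or None.
    No colliding pair is consulted: having one does not shortcut this loop."""
    for j in range(max_tries):
        data = b"p%d" % j
        if h16(data) == target:
            return data, j + 1
    return None


# --- unsalted table lookup vs. per-salt brute force on full MD5 ---

def candidates(max_len: int, alphabet: str = ALPHABET):
    """Every string of length 1..max_len over the alphabet, in a fixed order."""
    for k in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=k):
            yield "".join(chars)


def build_unsalted_table(max_len: int) -> dict:
    """Precompute md5(password) -> password once; reusable against every
    unsalted MD5 password hash that uses the same scheme."""
    return {md5_hex(p.encode()): p for p in candidates(max_len)}


def salted_md5_hex(salt: bytes, password: str) -> str:
    """Assumed salt || password construction for the example (not a recommendation)."""
    return md5_hex(salt + password.encode())


def crack_unsalted(table: dict, digest: str):
    """One dictionary lookup; no hashing at crack time."""
    return table.get(digest)


def crack_salted(salt: bytes, digest: str, max_len: int):
    """The precomputed table is useless once a salt is mixed in: every candidate
    must be rehashed for this salt. Returns (password or None, hashes_computed)."""
    tries = 0
    for p in candidates(max_len):
        tries += 1
        if salted_md5_hex(salt, p) == digest:
            return p, tries
    return None, tries


if __name__ == "__main__":
    print("5-7 char [A-Za-z0-9] search space:", search_space(5, 7))
    a, b, n = find_collision()
    print("collision after", n, "tries:", a, b, hex(h16(a)))
    target = h16(b"some other value")            # constructed target
    print("preimage of", hex(target), ":", find_preimage(target))
    table = build_unsalted_table(2)              # constructed: 62 + 62^2 candidates
    salt = b"\x13\x37"                           # constructed salt
    print("unsalted lookup:", crack_unsalted(table, md5_hex(b"Zq")))
    print("salted lookup:", crack_unsalted(table, salted_md5_hex(salt, "Zq")))
    print("salted brute force:", crack_salted(salt, salted_md5_hex(salt, "Zq"), 2))
```

The collision search typically finishes in a few hundred hashes while the preimage search averages on the order of 2^16, and nothing the first search learned is usable by the second; the table lookup inverts the unsalted hash instantly but returns nothing for the salted digest, which then costs a full rehash of the candidate list for that one salt.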