[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 50 attacks... [NOISE]

At 05:31 AM 10/20/95 -0700, [email protected] wrote:
>To date, MD5 appears to be a secure hash.  If you manage to find a way
>to reverse it, please let us all know.

There are a couple of analytically known collisions, and a birthday attack
can generate more after a mere 2**64 tries or so; for some applications, 
this can be a problem (e.g. a if a collision between real input and
random-trash input can let you get the system to do something unexpected
by handing it the random-trash input.)

Also, you can easily MD5-hash a dictionary of a billion wimpy passphrases
to let you catch people who use wimpy passphrases, and similarly hash
a dictionary of a billion reasonably-probable plaintexts for applications
that have reasonably-probable plaintexts that leave the hashes in plain view
(e.g. checksums for messages like "send $X to account Y"); this kind of
attack works for any hash, including cryptographically strong hashes,
as long as the system being attacked lets you crack it by reversing a hash
and doesn't use salt in its hashes.

>Sure we spend a lot of money, but that doesn't mean | Tom Weinstein
>we *do* anything.  --  Washington DC motto          | [email protected]

But Washington not doing anything is *good* :-)
#                                       Thanks;  Bill
# Bill Stewart, Freelance Information Architect, [email protected]
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281