The death of MD5

Skywing · November 14, 2005, 01:53 PM

http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/038719.html

Looks like it's time to move anything you have still using MD5 away from it. 45 minutes to generate a collision on a slow P4 is about as broken as you can get, makes it completely useless for any practical purposes now.

rabbit · November 14, 2005, 06:46 PM

Wow...a post...from Skywing...

Anyways,

QuoteAverage runtime on P4 1.6ghz - 5 seconds

Damn....but I guess it's still good for a hash of a program, as I assume it would be pretty hard to get executable code (or whatever) to collide with other other executable code.

Warrior · November 14, 2005, 07:38 PM

* Warrior runs to update his website.

!

Newby · November 14, 2005, 08:09 PM

Wow...

Blaze · November 14, 2005, 08:16 PM

Quote from: Warrior on November 14, 2005, 07:38 PM
* Warrior runs to update his website. !

I told you! Now what I thought would happen, actually did.

Warrior · November 14, 2005, 08:18 PM

Good thing PHP has built in sha1(). I'll have to make everyone resign up though.

Not something top priority however.

dxoigmn · November 14, 2005, 08:38 PM

Now to see what the experts say about this. I'm surprised there was no discussion for that thread.

DeTaiLs · November 14, 2005, 09:05 PM

Quote from: Warrior on November 14, 2005, 08:18 PM
Good thing PHP has built in sha1(). I'll have to make everyone resign up though.

Not something top priority however.

Aint sha1 the structure of MD5 I could be wrong but that is what it says on wiki.

Topaz · November 14, 2005, 10:33 PM

Wasn't MD5 cracked last year? hm...

Newby · November 14, 2005, 10:52 PM

Quote from: Topaz on November 14, 2005, 10:33 PM
Wasn't MD5 cracked last year? hm...

Not with a mechanism for a 45 minute collision...

Kp · November 15, 2005, 06:32 PM

Quote from: rabbit on November 14, 2005, 06:46 PM
Wow...a post...from Skywing...

Anyways,
QuoteAverage runtime on P4 1.6ghz - 5 seconds
Damn....but I guess it's still good for a hash of a program, as I assume it would be pretty hard to get executable code (or whatever) to collide with other other executable code.

No, not at all. Programs are routinely quite large these days, and it's no trouble at all to pad your .rdata segment with whatever bytes are necessary to get the hash you want. Failing that, put the colliding bytes into your .text segment and just ensure that the code flow never tries to execute it.

noob · November 15, 2005, 07:46 PM

It may have been cracked, but that doesn't make it useless. DES is still used after all.

Yegg · November 15, 2005, 07:49 PM

Quote from: noob on November 15, 2005, 07:46 PM
It may have been cracked, but that doesn't make it useless. DES is still used after all.

It's safer to move onto newer, more advanced hashing algorithm's however.

iago · November 15, 2005, 08:46 PM

Quote from: Skywing on November 14, 2005, 01:53 PM
makes it completely useless for any practical purposes now.

I disagree. As far as I know, there's still no practicle way (without a full brute force) to obtain the original data of MD5 based on the hash. In other words, it's still safe for storing passwords.

Quote from: Warrior on November 14, 2005, 08:18 PM
Good thing PHP has built in sha1(). I'll have to make everyone resign up though.

Not something top priority however.

You're replacing a dead algorithm with a dying algorithm. Not a good idea :-P

I'd recommend that you start storing the SHA1 of the MD5. The advantages are:
- Extra layer of security; even though if both are broken then together they're broken, it'll still keep away the riff raff.
- You don't have to make people re-sign up. Just SHA1() their MD5() hashes.
But if you're using it to store a password, I still don't think it's an issue. Odds are, for most passwords, it can be bruteforced with a dictionary attack anyways

Warrior · November 15, 2005, 08:55 PM

Yea, I thought of that after I posted.