The death of MD5

Started by Skywing, November 14, 2005, 01:53 PM

Skywing

http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/038719.html

Looks like it's time to move anything you have still using MD5 away from it.  45 minutes to generate a collision on a slow P4 is about as broken as you can get, makes it completely useless for any practical purposes now.

rabbit

Wow...a post...from Skywing...

Anyways,
Quote
Average runtime on P4 1.6 GHz - 5 seconds
Damn....but I guess it's still good for a hash of a program, as I assume it would be pretty hard to get executable code (or whatever) to collide with other executable code.
Grif: Yeah, and the people in the red states are mad because the people in the blue states are mean to them and want them to pay money for roads and schools instead of cool things like NASCAR and shotguns.  Also, there's something about ketchup in there.

Warrior

* Warrior runs to update his website. :(!
Quote from: effect on March 09, 2006, 11:52 PM
Islam is a steaming pile of fucking dog shit. Everything about it is flawed, anybody who believes in it is a terrorist, if you disagree with me, then im sorry your wrong.

Quote from: Rule on May 07, 2006, 01:30 PM
Why don't you stop being American and start acting like a decent human?

Newby

- Newby

Quote
[17:32:45] * xar sets mode: -oooooooooo algorithm ban chris cipher newby stdio TehUser tnarongi|away vursed warz
[17:32:54] * xar sets mode: +o newby
[17:32:58] <xar> new rule
[17:33:02] <xar> me and newby rule all

Quote
<TehUser> Man, I can't get Xorg to work properly.  This sucks.
<torque> you should probably kill yourself
<TehUser> I think I will.  Thanks, torque.

Blaze

Quote from: Warrior on November 14, 2005, 07:38 PM
* Warrior runs to update his website. :(!
I told you! Now what I thought would happen, actually did.
Quote
Mitosis: Haha, Im great arent I!
hismajesty[yL]: No

Warrior

Good thing PHP has a built-in sha1(). I'll have to make everyone re-sign up though.

Not something top priority however.

dxoigmn

Now to see what the experts say about this. I'm surprised there was no discussion for that thread.

DeTaiLs

Quote from: Warrior on November 14, 2005, 08:18 PM
Good thing PHP has a built-in sha1(). I'll have to make everyone re-sign up though.

Not something top priority however.
Ain't SHA1 the structure of MD5? I could be wrong, but that is what it says on wiki.

Topaz

Wasn't MD5 cracked last year? hm...

Newby

Quote from: Topaz on November 14, 2005, 10:33 PM
Wasn't MD5 cracked last year? hm...

Not with a mechanism for a 45-minute collision...
- Newby


Kp

Quote from: rabbit on November 14, 2005, 06:46 PM
Wow...a post...from Skywing...

Anyways,
Quote
Average runtime on P4 1.6 GHz - 5 seconds
Damn....but I guess it's still good for a hash of a program, as I assume it would be pretty hard to get executable code (or whatever) to collide with other executable code.

No, not at all.  Programs are routinely quite large these days, and it's no trouble at all to pad your .rdata segment with whatever bytes are necessary to get the hash you want.  Failing that, put the colliding bytes into your .text segment and just ensure that the code flow never tries to execute it.
[19:20:23] (BotNet) <[vL]Kp> Any idiot can make a bot with CSB, and many do!

noob

It may have been cracked, but that doesn't make it useless. DES is still used after all.

Yegg

Quote from: noob on November 15, 2005, 07:46 PM
It may have been cracked, but that doesn't make it useless. DES is still used after all.
It's safer to move onto newer, more advanced hashing algorithms however.

iago

Quote from: Skywing on November 14, 2005, 01:53 PM
makes it completely useless for any practical purposes now.
I disagree.  As far as I know, there's still no practical way (without a full brute force) to obtain the original data of MD5 based on the hash.  In other words, it's still safe for storing passwords.

Quote from: Warrior on November 14, 2005, 08:18 PM
Good thing PHP has a built-in sha1(). I'll have to make everyone re-sign up though.

Not something top priority however.
You're replacing a dead algorithm with a dying algorithm.  Not a good idea :-P

I'd recommend that you start storing the SHA1 of the MD5.  The advantages are:
- Extra layer of security; even though if both are broken then together they're broken, it'll still keep away the riff-raff.
- You don't have to make people re-sign up.  Just SHA1() their MD5() hashes. 
But if you're using it to store a password, I still don't think it's an issue.  Odds are, for most passwords, it can be bruteforced with a dictionary attack anyways :)
This'll make an interesting test for broken AV:
Quote
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

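iago's suggestion above, storing the SHA1 of the existing MD5 hashes so nobody has to re-sign up, worked through as an added Python example (this is not code from the thread or from any poster's site). It migrates a legacy user table in place, tags each record with the scheme it now uses, and verifies a login by recomputing md5 then sha1 in the same order. The user names, passwords and the `sha1(md5)$` tag are constructed for the example; the one real edge case it handles is a legacy hex digest stored in upper case, which has to be normalised before wrapping or the user can never log in again.

```python
import hashlib
import hmac

# Constructed sample table: the legacy site stored md5(password) as hex,
# exactly what PHP's md5() returns. The plaintexts appear only to build
# the sample; the migration itself never needs them.
LEGACY_USERS = {
    "alice": hashlib.md5(b"correct horse").hexdigest(),
    "bob":   hashlib.md5(b"hunter2").hexdigest().upper(),  # an older script stored upper-case hex
    "carol": hashlib.md5(b"").hexdigest(),
}

# Hypothetical scheme tag so the login code knows which function chain applies.
SCHEME = "sha1(md5)"


def legacy_md5_hex(password: str) -> str:
    """The hash the old site computed at sign-up: hex md5 of the UTF-8 password."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def wrap_md5_hex(md5_hex: str) -> str:
    """SHA1 over the stored hex string (not over the raw 16 bytes).

    Hex case is normalised first: a record stored as upper-case hex would
    otherwise wrap to a different SHA1 than the one verify() recomputes.
    """
    return hashlib.sha1(md5_hex.lower().encode("ascii")).hexdigest()


def migrate_table(legacy: dict) -> dict:
    """Rewrite every stored md5 as 'sha1(md5)$<sha1 hex>' with no user interaction."""
    return {user: f"{SCHEME}${wrap_md5_hex(md5_hex)}" for user, md5_hex in legacy.items()}


def verify(stored: str, candidate: str) -> bool:
    """Check a login attempt against a migrated record."""
    scheme, _, digest = stored.partition("$")
    if scheme != SCHEME or len(digest) != 40:
        return False  # unknown or unmigrated record: refuse rather than guess
    computed = wrap_md5_hex(legacy_md5_hex(candidate))
    return hmac.compare_digest(computed, digest)  # constant-time comparison


MIGRATED = migrate_table(LEGACY_USERS)

if __name__ == "__main__":
    for user, record in MIGRATED.items():
        print(user, record)
    print(verify(MIGRATED["bob"], "hunter2"), verify(MIGRATED["bob"], "hunter3"))
```

The wrapping inherits every property of the inner MD5 record: it is still unsalted and still fast to compute, so the dictionary attack iago mentions is exactly as cheap after migration as before. The same migrate-by-wrapping pattern is what makes a later move to a slow, salted password hash possible without a re-sign-up, by applying the new function over the stored digest in the same way.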

Warrior

Yea, I thought of that after I posted.