• Welcome to Valhalla Legends Archive.
 

The death of MD5

Started by Skywing, November 14, 2005, 01:53 PM

Previous topic - Next topic
Print
|
Go Down Pages 1 2 3 4 5
User actions

iago

#30
November 18, 2005, 06:20 PM
Ok, that's pretty much what I figured.  Hashing it with the IP is probably the best plan, if I had to choose. 

But back to the MD5 thing: passwords stored in MD5 in cookies don't help you any unless you want to find a collision with his password for a different site that only accepts plaintext password, then compares it to MD5, which isn't really realistic. 

My point?  MD5 is still ok for storing passwords for webapps, in general. :)
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

dxoigmn

#31
November 18, 2005, 07:40 PM
Quote from: iago on November 18, 2005, 06:20 PM
But back to the MD5 thing: passwords stored in MD5 in cookies don't help you any unless you want to find a collision with his password for a different site that only accepts plaintext password, then compares it to MD5, which isn't really realistic. 

Don't most sites accept a plain-text password, hash it server-side and compare? I wish there was a nice standard for hashing client-side (i.e. <input type="password" hash="md5"> or something).

iago

#32
November 18, 2005, 11:21 PM
Quote from: dxoigmn on November 18, 2005, 07:40 PM
Quote from: iago on November 18, 2005, 06:20 PM
But back to the MD5 thing: passwords stored in MD5 in cookies don't help you any unless you want to find a collision with his password for a different site that only accepts plaintext password, then compares it to MD5, which isn't really realistic. 

Don't most sites accept a plain-text password, hash it server-side and compare?
Yeah, but if you're doing that you're sending your password plaintext over the network, so if you can sniff their traffic it doesn't matter if you can break md5..
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

dxoigmn

#33
November 19, 2005, 12:11 AM
Quote from: iago on November 18, 2005, 11:21 PM
Quote from: dxoigmn on November 18, 2005, 07:40 PM
Quote from: iago on November 18, 2005, 06:20 PM
But back to the MD5 thing: passwords stored in MD5 in cookies don't help you any unless you want to find a collision with his password for a different site that only accepts plaintext password, then compares it to MD5, which isn't really realistic. 

Don't most sites accept a plain-text password, hash it server-side and compare?
Yeah, but if you're doing that you're sending your password plaintext over the network, so if you can sniff their traffic it doesn't matter if you can break md5..

But most sites use SSL to encrypt the whole stream.

iago

#34
November 19, 2005, 02:09 AM
Quote from: dxoigmn on November 19, 2005, 12:11 AM
Quote from: iago on November 18, 2005, 11:21 PM
Quote from: dxoigmn on November 18, 2005, 07:40 PM
Quote from: iago on November 18, 2005, 06:20 PM
But back to the MD5 thing: passwords stored in MD5 in cookies don't help you any unless you want to find a collision with his password for a different site that only accepts plaintext password, then compares it to MD5, which isn't really realistic. 

Don't most sites accept a plain-text password, hash it server-side and compare?
Yeah, but if you're doing that you're sending your password plaintext over the network, so if you can sniff their traffic it doesn't matter if you can break md5..

But most sites use SSL to encrypt the whole stream.

I can't think of any normal sites that use SSL.  eCommerce sites do, obviously.  And porn sites do, which I suppose is a form of eCommerce.  But it's definitely not common. 
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Mephisto

#35
November 29, 2005, 10:24 PM
Code Select
MD5CALC(MD5CALC(data)+data) = secure md5

tA-Kane

#36
November 29, 2005, 11:09 PM Last Edit: November 29, 2005, 11:11 PM by tA-Kane
Quote from: Mephisto on November 29, 2005, 10:24 PM
Code Select
MD5CALC(MD5CALC(data)+data) = secure md5
Except not. If MD5CALC(Data) == MD5CALC(FalsifiedData), then MD5CALC(MD5CALC(Data)+Data) == MD5CALC(MD5CALC(FalsifiedData)+FalsifiedData) == MD5CALC(MD5CALC(Data)+FalsifiedData) == MD5CALC(MD5CALC(FalsifiedData)+Data)
Macintosh programmer and enthusiast.
Battle.net Bot Programming: http://www.bash.org/?240059
I can write programs. Can you right them?

http://www.clan-mac.com
http://www.eve-online.com

Mephisto

#37
November 29, 2005, 11:30 PM
Quote from: tA-Kane on November 29, 2005, 11:09 PM
Quote from: Mephisto on November 29, 2005, 10:24 PM
Code Select
MD5CALC(MD5CALC(data)+data) = secure md5
Except not. If MD5CALC(Data) == MD5CALC(FalsifiedData), then MD5CALC(MD5CALC(Data)+Data) == MD5CALC(MD5CALC(FalsifiedData)+FalsifiedData) == MD5CALC(MD5CALC(Data)+FalsifiedData) == MD5CALC(MD5CALC(FalsifiedData)+Data)


:(

EpicOfTimeWasted

#38
November 30, 2005, 01:19 AM
Quote from: Mephisto on November 29, 2005, 10:24 PM
Code Select
MD5CALC(MD5CALC(data)+data) = secure md5

MD5 is broken... calling it multiple times doesn't make it any less broken.

Maddox

#39
December 02, 2005, 12:07 PM
How is this the death of MD5?

What this does is generate two sets of data that have the same hash.  You can't generate false data from a given hash using this.
asdf.

dxoigmn

#40
December 02, 2005, 01:19 PM
Quote from: Maddox on December 02, 2005, 12:07 PM
How is this the death of MD5?

What this does is generate two sets of data that have the same hash.  You can't generate false data from a given hash using this.

http://www.schneier.com/essay-074.html

Maddox

#41
December 03, 2005, 04:33 AM
Quote from: dxoigmn on December 02, 2005, 01:19 PM
Quote from: Maddox on December 02, 2005, 12:07 PM
How is this the death of MD5?

What this does is generate two sets of data that have the same hash.  You can't generate false data from a given hash using this.

http://www.schneier.com/essay-074.html

Ok?
asdf.

dxoigmn

#42
December 03, 2005, 04:04 PM Last Edit: December 03, 2005, 04:08 PM by dxoigmn
Quote from: Maddox on December 03, 2005, 04:33 AM
Quote from: dxoigmn on December 02, 2005, 01:19 PM
Quote from: Maddox on December 02, 2005, 12:07 PM
How is this the death of MD5?

What this does is generate two sets of data that have the same hash.  You can't generate false data from a given hash using this.

http://www.schneier.com/essay-074.html

Ok?

Well let me outline the main points:


  • One-way hash functions are supposed to have two properties.
  • One, they're one-way.
  • Two, they're collision-free.
  • Breaking a hash function means showing that either -- or both -- of those properties aren't true.

You might argue that mathematically no hash function can be collision free. But that isn't the point. The point is it should be sufficiently difficult to find such a collision. Well no longer is it difficult. "Attacks always get better; they never get worse."

tA-Kane

#43
December 03, 2005, 08:09 PM
Quote from: dxoigmn on December 03, 2005, 04:04 PM
[li]Two, they're collision-free.[/li]
Not so much collision-free (since that'll be pretty much impossible for any source value longer than the length of the hash) as relatively impossible to locate collisions in a timely manner (eg, even a few years is too soon).
Macintosh programmer and enthusiast.
Battle.net Bot Programming: http://www.bash.org/?240059
I can write programs. Can you right them?

http://www.clan-mac.com
http://www.eve-online.com

dxoigmn

#44
December 03, 2005, 08:25 PM
Quote from: tA-Kane on December 03, 2005, 08:09 PM
Quote from: dxoigmn on December 03, 2005, 04:04 PM
[li]Two, they're collision-free.[/li]
Not so much collision-free (since that'll be pretty much impossible for any source value longer than the length of the hash) as relatively impossible to locate collisions in a timely manner (eg, even a few years is too soon).

Yea, I said that in my post...
Print
|
Go Up Pages 1 2 3 4 5
User actions