
The death of MD5

Started by Skywing, November 14, 2005, 01:53 PM


iago

Ok, that's pretty much what I figured.  Hashing it with the IP is probably the best plan, if I had to choose. 

But back to the MD5 thing: passwords stored in MD5 in cookies don't help you any unless you want to find a collision with his password for a different site that only accepts plaintext password, then compares it to MD5, which isn't really realistic. 

My point?  MD5 is still ok for storing passwords for webapps, in general. :)
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


dxoigmn

Quote from: iago on November 18, 2005, 06:20 PM
But back to the MD5 thing: passwords stored in MD5 in cookies don't help you any unless you want to find a collision with his password for a different site that only accepts plaintext password, then compares it to MD5, which isn't really realistic. 

Don't most sites accept a plain-text password, hash it server-side and compare? I wish there was a nice standard for hashing client-side (i.e. <input type="password" hash="md5"> or something).

iago

Quote from: dxoigmn on November 18, 2005, 07:40 PM
Quote from: iago on November 18, 2005, 06:20 PM
But back to the MD5 thing: passwords stored in MD5 in cookies don't help you any unless you want to find a collision with his password for a different site that only accepts plaintext password, then compares it to MD5, which isn't really realistic. 

Don't most sites accept a plain-text password, hash it server-side and compare?
Yeah, but if you're doing that you're sending your password plaintext over the network, so if you can sniff their traffic it doesn't matter if you can break md5..


dxoigmn

Quote from: iago on November 18, 2005, 11:21 PM
Quote from: dxoigmn on November 18, 2005, 07:40 PM
Quote from: iago on November 18, 2005, 06:20 PM
But back to the MD5 thing: passwords stored in MD5 in cookies don't help you any unless you want to find a collision with his password for a different site that only accepts plaintext password, then compares it to MD5, which isn't really realistic. 

Don't most sites accept a plain-text password, hash it server-side and compare?
Yeah, but if you're doing that you're sending your password plaintext over the network, so if you can sniff their traffic it doesn't matter if you can break md5..

But most sites use SSL to encrypt the whole stream.

iago

Quote from: dxoigmn on November 19, 2005, 12:11 AM
Quote from: iago on November 18, 2005, 11:21 PM
Quote from: dxoigmn on November 18, 2005, 07:40 PM
Quote from: iago on November 18, 2005, 06:20 PM
But back to the MD5 thing: passwords stored in MD5 in cookies don't help you any unless you want to find a collision with his password for a different site that only accepts plaintext password, then compares it to MD5, which isn't really realistic. 

Don't most sites accept a plain-text password, hash it server-side and compare?
Yeah, but if you're doing that you're sending your password plaintext over the network, so if you can sniff their traffic it doesn't matter if you can break md5..

But most sites use SSL to encrypt the whole stream.

I can't think of any normal sites that use SSL.  eCommerce sites do, obviously.  And porn sites do, which I suppose is a form of eCommerce.  But it's definitely not common. 


Mephisto

MD5CALC(MD5CALC(data)+data) = secure md5

tA-Kane

Quote from: Mephisto on November 29, 2005, 10:24 PM
MD5CALC(MD5CALC(data)+data) = secure md5
Except not. If MD5CALC(Data) == MD5CALC(FalsifiedData), then MD5CALC(MD5CALC(Data)+Data) == MD5CALC(MD5CALC(FalsifiedData)+FalsifiedData) == MD5CALC(MD5CALC(Data)+FalsifiedData) == MD5CALC(MD5CALC(FalsifiedData)+Data)
Macintosh programmer and enthusiast.
Battle.net Bot Programming: http://www.bash.org/?240059
I can write programs. Can you right them?

http://www.clan-mac.com
http://www.eve-online.com

Mephisto

Quote from: tA-Kane on November 29, 2005, 11:09 PM
Quote from: Mephisto on November 29, 2005, 10:24 PM
MD5CALC(MD5CALC(data)+data) = secure md5
Except not. If MD5CALC(Data) == MD5CALC(FalsifiedData), then MD5CALC(MD5CALC(Data)+Data) == MD5CALC(MD5CALC(FalsifiedData)+FalsifiedData) == MD5CALC(MD5CALC(Data)+FalsifiedData) == MD5CALC(MD5CALC(FalsifiedData)+Data)


:(

EpicOfTimeWasted

Quote from: Mephisto on November 29, 2005, 10:24 PM
MD5CALC(MD5CALC(data)+data) = secure md5

MD5 is broken... calling it multiple times doesn't make it any less broken.

Maddox

How is this the death of MD5?

What this does is generate two sets of data that have the same hash.  You can't generate false data from a given hash using this.
asdf.

dxoigmn

Quote from: Maddox on December 02, 2005, 12:07 PM
How is this the death of MD5?

What this does is generate two sets of data that have the same hash.  You can't generate false data from a given hash using this.

http://www.schneier.com/essay-074.html

Maddox

Quote from: dxoigmn on December 02, 2005, 01:19 PM
Quote from: Maddox on December 02, 2005, 12:07 PM
How is this the death of MD5?

What this does is generate two sets of data that have the same hash.  You can't generate false data from a given hash using this.

http://www.schneier.com/essay-074.html

Ok?

dxoigmn

Quote from: Maddox on December 03, 2005, 04:33 AM
Quote from: dxoigmn on December 02, 2005, 01:19 PM
Quote from: Maddox on December 02, 2005, 12:07 PM
How is this the death of MD5?

What this does is generate two sets of data that have the same hash.  You can't generate false data from a given hash using this.

http://www.schneier.com/essay-074.html

Ok?

Well let me outline the main points:


  • One-way hash functions are supposed to have two properties.
  • One, they're one-way.
  • Two, they're collision-free.
  • Breaking a hash function means showing that either -- or both -- of those properties aren't true.

You might argue that mathematically no hash function can be collision free. But that isn't the point. The point is it should be sufficiently difficult to find such a collision. Well no longer is it difficult. "Attacks always get better; they never get worse."
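Added example, not part of the original thread: the two properties discussed above (one-way versus collision-free) cost very different amounts of work to break, which is why a collision attack does not by itself recover data from a given hash. The sketch below truncates MD5 to a 16-bit toy digest so both searches finish quickly; the width, the message formats and the sample target "hunter2" are assumptions made for the demonstration.

```python
import hashlib
from itertools import count

BITS = 16  # toy digest width (assumption for the demo); real MD5 is 128 bits


def toy_hash(msg: bytes) -> int:
    """First 16 bits of MD5(msg) as an integer."""
    return int.from_bytes(hashlib.md5(msg).digest()[:2], "big")


def find_collision():
    """Birthday search: ANY two distinct messages sharing a digest.

    The pigeonhole principle guarantees success within 2**BITS + 1 tries;
    the birthday bound makes it about 2**(BITS/2) in practice.
    """
    seen = {}
    for tries in count(1):
        msg = b"msg-%d" % (tries - 1)  # constructed sample messages
        h = toy_hash(msg)
        if h in seen:
            return seen[h], msg, tries
        seen[h] = msg


def find_preimage(target: int, limit: int = 1 << 22):
    """Preimage search: a message matching ONE digest fixed in advance.

    Expected work is about 2**BITS tries, far more than a collision.
    """
    for tries in range(1, limit + 1):
        msg = b"guess-%d" % (tries - 1)  # constructed sample guesses
        if toy_hash(msg) == target:
            return msg, tries
    return None, limit


if __name__ == "__main__":
    a, b, c_tries = find_collision()
    print("collision:", a, b, "after", c_tries, "tries")
    target = toy_hash(b"hunter2")  # constructed sample secret
    m, p_tries = find_preimage(target)
    print("preimage :", m, "after", p_tries, "tries")
```

Each extra digest bit doubles the preimage work but adds only half a bit to the collision work, so an attack that makes collisions cheap leaves the preimage cost of a stored hash unchanged.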

tA-Kane

Quote from: dxoigmn on December 03, 2005, 04:04 PM
Two, they're collision-free.
Not so much collision-free (since that'll be pretty much impossible for any source value longer than the length of the hash) as relatively impossible to locate collisions in a timely manner (eg, even a few years is too soon).

dxoigmn

Quote from: tA-Kane on December 03, 2005, 08:09 PM
Quote from: dxoigmn on December 03, 2005, 04:04 PM
Two, they're collision-free.
Not so much collision-free (since that'll be pretty much impossible for any source value longer than the length of the hash) as relatively impossible to locate collisions in a timely manner (eg, even a few years is too soon).

Yea, I said that in my post...
