Virus.Org IT Security News and Information Portal. We offer the latest IT security news, updates, product reviews, books, and articles for all you IT security professionals out there. Enter and get the best IT security information on the Internet.

 
. Welcome to the Virus.Org Mailing List Archive  
.
.


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


Re: MD5 To Be Considered Harmful Someday
.

  • To: Gandalf The White <[EMAIL PROTECTED]>
  • Subject: Re: MD5 To Be Considered Harmful Someday
  • From: Paul Wouters <[EMAIL PROTECTED]>
  • Date: Wed, 8 Dec 2004 21:48:00 +0100 (MET)
  • Cc: [EMAIL PROTECTED], Dan Kaminsky <[EMAIL PROTECTED]>, BugTraq <[EMAIL PROTECTED]>
  • In-reply-to: <[EMAIL PROTECTED]>
  • References: <[EMAIL PROTECTED]>
.
 
On Tue, 7 Dec 2004, Gandalf The White wrote:


What I am worried about is the integrity of MD5 hashed passwords.  This



It does not matter that I don't know the correct password, I have a password
that collides into the correct hash.  I can log into the system with my
generated password.


Can't we just truncate the password to 8 characters like in the old days
before doing the MD5 hash? It will greatly reduce the chance of a collision.
In fact, I am not even sure my systems don't do this already.

Paul
 
.
.
 
Copyright (c) Virus.Org 1997-2006.
All Trademarks Acknowledged.
Please view our Terms and Conditions and our Privacy Policy.