httpd-dev mailing list archives

From Reindl Harald <h.rei...@thelounge.net>
Subject Re: md5crypt passwords
Date Wed, 20 Jun 2012 21:59:12 GMT


On 20.06.2012 23:52, Stefan Fritsch wrote:
>> you do not need the original password!
>> you only need a hash-collision and can leave out
>> special chars completely to find one
> 
> You need a password that gives the same value after 1000 rounds of 
> md5(password md5(password md5(password ...))). This is much more 
> expensive to find with brute force than a password that gives a 
> collision for a single md5

everybody with crypto knowledge will explain to you that you
are totally wrong - i can only try in my words!

in the context of a hash-collision and rainbow-tables
you need any string producing the same hash, no matter
if 1, 10 or 1000 times md5() recursion

there is a reason why even the developer of md5crypt
saw the need for an official statement that md5crypt
should never again be considered as secure in any case!

-------- Original Message --------
Subject: CVE-2012-3287: md5crypt is no longer considered safe
Date: Fri, 8 Jun 2012 00:04:49 GMT
From: phk@FreeBSD.org
To: bugtraq@securityfocus.com

The LinkedIn password incompetence has resulted in a number of "just use md5crypt and you'll be fine" pieces of advice on the net.

Since I no longer consider this to be the case, I have issued an official statement, as the author of md5crypt, to the opposite effect:

http://phk.freebsd.dk/sagas/md5crypt_eol.html

Please find something better now.

Thanks for using my code.

Poul-Henning Kamp

