The following summary was prepared in the context of a work for the Knoppix developers ring.
As Care2x also uses the MD5 algorithm to validate its users I thought that it could be of some use to also post it here.


-------- Original Message --------
Subject: Re: [debian-knoppix] Re: MD5 vs. DES (+knoppix-installer)
Date: Thu, 26 Feb 2004 02:44:18 +0000
From: plasticdoc
Reply-To:
To: Fabian Franz <[EMAIL PROTECTED]>
CC: [EMAIL PROTECTED]
References: <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>


Fabian Franz wrote:

Well, I will read some of them, although I'm really short of time :-/

I will try to summarize:


Some other software projects currently use MD5 to verify the identity of
their users. Given an input string, for instance made of a "login name"
and a "password", it produces a fixed length output string. This output
string has some special characteristics that, in theory, make it very
difficult to reverse the process and find the original input string.

In those projects when a user logs into the program he is asked for a
login name and a password. Those strings are immediately processed with
MD5 and the result may be stored somewhere for future use. If the user
forgets his password or login name it is very difficult to recover the
lost information and usually the user is reset by the system
administrator to a new password. When compared with other procedures MD5
is an order of magnitude safer.

But some study of the MD5 algorithm must be made to evaluate its value
in the context of its intended use to protect the access to confidential
personal information.

The MD5 algorithm, meaning Message Digest 5, was described by Rivest in
1991 and intended to be used as a general good quality Hashing Function
with the following characteristics:
It is a One Way Hash Function (OWHF), meaning that it has the
following properties:
 1. it is easy to compute (no need to use specially fast hardware),
 2. it is able to compress an arbitrary length message to a fixed
length output string,
 3. it has pre-image resistance, i.e., given an output it is hard to
find a corresponding input,
 4. it has 2nd pre-image resistance, i.e., given an input/output pair
it is hard to find a second input that produces the same output.

Theoretically, it is also a Collision Resistant Hash Function (CRHF),
meaning that it has all the above properties plus:
 5. collision resistance, i.e., it is hard to find any two inputs that
provide the same output,
 6. collisions are computationally hard to identify.

Practice has evidenced some problems with MD5:
 1. Pseudo-collisions for the compression function have been described
by Bosselaers (1993)
 2. Collisions for the compression function have been described by
Dobbertin (1996)

So it is now regarded as best practice not to use MD5 as a Collision
Resistant Hash Function. It is now feasible to break MD5 in under 6
hours with a plain vanilla 3 GHz i86 family CPU. And as these attacks
have the potential to be "parallelizable", I guess that in many
enterprises it should be possible to use available computers as a
cluster (for instance with openmosix), and in that case the break-in
would be a matter of minutes (!!!).

Other algorithms were proposed as more robust alternatives.
That was the case of HAVAL and RIPEMD, but also SHA (in various bit
lengths). The current best choices seem to be:
1.  HAVAL, which is an improved derivative of MD5, described by Zheng,
Pieprzyk, and Seberry in a 1992 paper.
2. RIPEMD, which was born as a result of an EU initiative and was first
described in 1993. It seems that RIPEMD-160, a 160-bit version of
RIPEMD, is also a very popular alternative to MD5.

I do prefer HAVAL but, be warned, neither MD5, HAVAL nor RIPEMD are used
by the Intelligence or Military communities for any serious work, so the
message seems to be clear...

Also take note that in the USA, most of those algorithms are considered
weaponry, so if you visit the USA take care not to leave with software
containing them, or you risk being arrested when you leave the USA.

Best regards,

J. A.
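As an added example (not code from the message, from Care2x or from Knoppix), a small Python credential check that stores only the digest of login name and password, as the message describes, and records which digest algorithm was used so that a store created with MD5 can be migrated to one of the SHA family the message names. All names below are hypothetical.

```python
import hashlib
import hmac

# Hypothetical credential store (added example): only the digest of the
# login name and password is kept, never the password itself.
PREFERRED = "sha256"   # the "SHA (in various bit lengths)" alternative named above
LEGACY = "md5"         # what the message says the projects currently use


def digest(algo, login, password):
    """Hash login and password together; the separator keeps
    ("ab", "c") and ("a", "bc") from forming the same input string."""
    data = f"{login}\x00{password}".encode("utf-8")
    return hashlib.new(algo, data).hexdigest()


def make_record(login, password, algo=PREFERRED):
    # The algorithm name is stored next to the digest so it can be migrated later.
    return f"{algo}${digest(algo, login, password)}"


def verify(record, login, password):
    """Return (ok, upgraded_record). upgraded_record is a fresh record
    when the stored one still uses the legacy algorithm and the login succeeded,
    otherwise None."""
    algo, _, stored = record.partition("$")
    candidate = digest(algo, login, password)
    # Constant-time comparison avoids leaking how many leading characters matched.
    ok = hmac.compare_digest(candidate, stored)
    upgraded = make_record(login, password) if ok and algo == LEGACY else None
    return ok, upgraded


if __name__ == "__main__":
    old = make_record("alice", "s3cret", LEGACY)     # constructed sample record
    ok, new = verify(old, "alice", "s3cret")
    print(ok, old, "->", new)
```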


_______________________________________________
Care2002-developers mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/care2002-developers