On Wed, Aug 25, 2004 at 12:44:43AM +1000, Daniel Pittman wrote:
> Also, while there are issues with those hash algorithms, I don't think
> they are quite bad enough that there is a significant *immediate* risk
> to my systems; the cost of breaking in through the detected collisions
> is lower than the risk of a bad password, etc.

I think you meant s/cost/risk/ there. And I thoroughly agree -- it still appears to be far easier to brute-force check the poor-password-space than it is to reverse-generate an equivalent plaintext given a random MD5 hash.

- Matt