what form of "MD5 passwords" was meant? use of keys and MD5 in an HMAC-like construction can be better than other possible uses if one is talking about use in a protocol (such as HTTP digest). Joe Touch did some MD5 performance tests some years ago and got about 700 Mbps on ~ 200 MHz alphas, as I recall. But this testing was aimed at determining network throughput for an integrity check, not at how fast one can push small input sizes through and do comparisons. i don't know if any algorithms to find collisions are practical for attacking particular applications. -paul --On Wednesday, 23 February, 2000 13:27 -0800 Jason Axley <[EMAIL PROTECTED]> wrote: > Yes. Unless salting is used, a given password becomes the same md5 > string every time. So, if two users have the same password, you can > find out by matching equal md5 hashes. > > You can't reverse the hash (it is one-way...) but you can do the same > technique you use with other hashed passwords to crack them, like > traditional UNIX passwords: > > compare the target md5 hash to hashes of common passwords. When you get > a match, you've found the password. I don't know the speed comparison of > md5 versus the 25 rounds of DES done on a UNIX password, but I imagine > it's faster. > > Do the new RedHat 6.x md5 passwords utilize salting? > > -Jason > > On Wed, 23 Feb 2000, Javier Romero wrote: > >> Date: Wed, 23 Feb 2000 11:59:16 -0500 >> From: Javier Romero <[EMAIL PROTECTED]> >> To: [EMAIL PROTECTED] >> Subject: MD5 >> >> Hi Sirs. >> >> Is posible unveil MD5 passwords? >> >> If it is so, How time take it? >> >> Thx. - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
