1. No, but you can certainly find the numerous citations on why it
is a weak hash.


I know why it is a weak hash, I was not implying it was strong but it
is still useful for many applications that still rely on it, for some
protocols that use mixed hashes [md5/sha, ...]. Not to mention that a
use coupled with salting for the master.passwd database isn't weak in
my opinion.

I think I missed the initial post as I thought the issue was tracking previously used passwords and someone had indicated that you were actually storing the passwords. Since it appeared to me they did not understand that hashes were involved I started down this path. I really was not trying to debate the strength of hashes in the passwd mechanism. Sorry to get this off topic so far.

2. No, as you are not a customer, we do not have custody of the
machine, and I have no desire to play games or to potentially
provide you access to a machine that is not yours.


haha, that was a good one :)
I *really* hoped you would paste a collision and prove me wrong ...
And yeah I *do* know it is possible but I was trying to make sure it
wasn't just "yet another crypto expert" talking ...

No, just someone that does a lot of work with hashes. Mere mortals do not do crypto -- we just use it. The reason I had said anything is that when I do forensic work I used to just do MD5s of files, but it has gotten called to task in court so we now use both MD5 and SHA1 hashes as it is NP-complete to find a collision in both of them for the same file.

I never said it should not have MD5, although if you follow the
logic that removed telnet (as it should have been) then it should be
scheduled at some time in the near future for removal.


read 1-, there is a difference between pro-active advocacy of new
protocols to deprecate old ones, and removal of a key feature upon
which many tools and protocols are still relying.

You have a valid point and again as I have gotten off topic I am going to "tap out".

CU




Chet Uber
President and Principal Scientist
SecurityPosture, Inc.
3718 N 113th Plaza, Omaha, NE 68164
vox +1 (402) 505-9684 | fax +1 (402) 932-2130 | cell (402) 813-3211
[EMAIL PROTECTED]  |  www.securityposture.com
--------------------------------------------------------
'It is vain to do with more what can be done with fewer'
--------------------------------------------------------
-- This communication is confidential to the parties it was intended to serve --
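
The dual-hash practice described in the message above (recording both an MD5 and a SHA1 digest of each file), sketched as an added example that is not part of the original thread. The file name, sample contents and function names are constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile

ALGOS = ("md5", "sha1")  # the two digests named in the message


def dual_digest(path, chunk_size=1 << 20):
    """Read the file once and return {"md5": hex, "sha1": hex}."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify(path, recorded):
    """Return the algorithms whose digest no longer matches the record.

    An empty list means the file matches on every recorded digest; the
    file is accepted only in that case.
    """
    current = dual_digest(path)
    return [a for a in ALGOS
            if not hmac.compare_digest(current[a], recorded.get(a, ""))]


def demo():
    """Constructed sample: hash a temp file, alter one byte, re-verify."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "evidence.bin")  # hypothetical file name
        with open(path, "wb") as fh:
            fh.write(b"constructed sample evidence\n" * 1000)
        recorded = dual_digest(path)
        before = verify(path, recorded)
        with open(path, "r+b") as fh:  # overwrite a single byte in place
            fh.seek(10)
            fh.write(b"X")
        after = verify(path, recorded)
        return recorded, before, after


if __name__ == "__main__":
    recorded, before, after = demo()
    print(recorded, before, after)
```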
