>
>What you're basically saying is, if you can't fathom how somebody could use
>the information from that document to brute force an MD5 hash, it doesn't
>have anything to do with it.

No, that's not at all what I am saying, and you don't seem to understand a 
few of the basic concepts here.

E.g., "brute force" has nothing to do with the paper; any hashing 
algorithm can be brute forced in theory, if you disregard certain facts 
about the size and the age of the known universe.

The paper, however, is not about "brute force"; it's about a break of MD5 
when applied to hash documents; MUCH quicker than brute force.

Now when it comes to password hashing, things are very different.

As with DES, which has several weaknesses which make the key strength 
somewhat less than the 56 bits, there still is no better algorithm than 
brute force for cracking DES passwords.  (But there are only 2^56 
different passwords, so brute forcing them is feasible.)  The reason for 
this is that the crypt() routine calls DES 25 times and uses the password
as the *key*.  It always encrypts the same plain text (all 0s) and
as such it does not allow the standard attacks against DES to be performed
on the encrypted passwords.

So what we have is: theoretical break in DES -> password hashing with DES 
NOT weaker.

The same applies to the md5 password hashes: the md5 algorithm is run many 
times, and in order to reverse the password you will need to find a matching
cleartext with certain properties (it starts with the same standard text
and then adds in the md5 hash from the step before) for a certain md5 hash,
and do that 1000 or more times (once for every step of the algorithm).

The theoretical break does not allow for finding even one such hash;
it allows only to construct two documents with the same hash and that
is quite a bit different.

>You do know that busting MD5 hashes is as easy as cutting & pasting them into 
>Google?

Do you have any idea how big a number 2^128 (the number of possible md5
hashes) is?  Do you REALLY think they can all be found with Google?

What would you do when you find a hash which matches the password file?
You can't use it as password because the md5 hash stored is NOT the
hash of the password but rather the result of a rather lengthier process
of mixing bits.

Brute force is the only option for md5 hashes; standard methods like crack
will work for this if you plug in a new crypt algorithm.

However, the key space is no longer 2^56, a number which can easily be
brute forced (a million computers doing a million cracks per second each would
be finished within a day), but the rather longer 2^128 (a billion 
computers doing a billion cracks per second each would require 10^13 years
to complete the task).

Casper
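The iterated construction Casper describes for md5 password hashes (a fixed magic string, the salt, and the digest of the previous step fed back in for 1000 rounds) matches the md5crypt scheme used by crypt() on Solaris, the BSDs and Linux for `$1$` hashes. The following Python implementation is an added illustration, not code from the original post or from any OpenSolaris component, and it assumes the scheme meant is Poul-Henning Kamp's md5crypt. It counts the MD5 computations one hash costs, and `verify()` shows that the stored string is checked by re-running the whole process, not by comparing against a plain MD5 of the password. The password and salt values are constructed for the example.

```python
import hashlib
import hmac

# crypt-style base-64 alphabet and the "$1$" magic string of md5crypt
ITOA64 = b"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
MAGIC = b"$1$"
ROUNDS = 1000


def _to64(value: int, count: int) -> bytes:
    """Encode the low 6*count bits of value, least significant group first."""
    out = bytearray()
    for _ in range(count):
        out.append(ITOA64[value & 0x3F])
        value >>= 6
    return bytes(out)


def md5crypt(password: bytes, salt: bytes) -> tuple:
    """Return (hash_string, number_of_md5_computations) for md5crypt."""
    # The salt is at most 8 bytes and stops at the first '$'.
    salt = salt[:8].split(b"$", 1)[0]
    calls = 0

    # Initial digest: password, magic, salt, then as many bytes of
    # MD5(password + salt + password) as the password is long.
    ctx = hashlib.md5(password + MAGIC + salt)
    calls += 1
    alt = hashlib.md5(password + salt + password).digest()
    calls += 1
    plen = len(password)
    while plen > 0:
        ctx.update(alt[: min(16, plen)])
        plen -= 16
    # One byte per bit of the password length: NUL or the first password byte.
    i = len(password)
    while i:
        ctx.update(b"\0" if i & 1 else password[:1])
        i >>= 1
    final = ctx.digest()

    # Stretching loop: every round hashes the previous digest together with
    # the password and salt in a round-dependent order, so an attacker has
    # to redo all ROUNDS MD5 computations per guess.
    for r in range(ROUNDS):
        ctx1 = hashlib.md5()
        calls += 1
        ctx1.update(password if r & 1 else final)
        if r % 3:
            ctx1.update(salt)
        if r % 7:
            ctx1.update(password)
        ctx1.update(final if r & 1 else password)
        final = ctx1.digest()

    # Encode the 128-bit result as 22 characters, with the byte reordering
    # the original C code uses.
    groups = ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5))
    encoded = b"".join(
        _to64((final[a] << 16) | (final[b] << 8) | final[c], 4) for a, b, c in groups
    ) + _to64(final[11], 2)
    return MAGIC + salt + b"$" + encoded, calls


def verify(password: bytes, stored: bytes) -> bool:
    """Check a password against a stored $1$ hash by recomputing it."""
    if not stored.startswith(MAGIC):
        return False
    salt = stored[len(MAGIC):].split(b"$", 1)[0]
    computed, _ = md5crypt(password, salt)
    # Constant-time comparison avoids leaking how many leading bytes matched.
    return hmac.compare_digest(computed, stored)


if __name__ == "__main__":
    # Constructed sample values for the demonstration.
    digest, n = md5crypt(b"correct horse", b"saltsalt")
    print(digest.decode(), "computed with", n, "MD5 calls")
    print("plain md5 of the password:", hashlib.md5(b"correct horse").hexdigest())
    print("verify ok:", verify(b"correct horse", digest))
```

The count returned next to the hash (1002 MD5 computations per guess) is what makes a single stored hash cost three orders of magnitude more per candidate than a bare MD5, and the salt means a table of precomputed MD5 values, looked up on the web or elsewhere, never matches the stored string.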

_______________________________________________
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org