> Amazing.
>
> Thanks for sharing that. It's a great example. :-)
You're very welcome! If it helps just one other developer avoid the same
pitfall, then today is a very good day. :-)
> Exactly, and this is why it's a good practice to use a seed when you
> generate MD5s for passwords.
Which is e
Murray @ PlanetThoughtful wrote:
The app in question was storing the md5 value of 4-digit PINs in the
background database, and the owners of the app were quietly confident that
this meant the PINs were 'encrypted' and 'secure'.
Amazing.
Thanks for sharing that. It's a great example. :-)
Of c
> In that framework there is no such thing as "decrypting" an MD5 digest,
> because an MD5 digest is not an encrypted version of the message to
> start with. No amount of CPU power will change this basic fact --
> though CPU power can be used to do a brute force search for strings
> which will gen
Richard Lynch wrote:
On Fri, June 10, 2005 3:01 pm, Jason Barnett said:
That is incredibly interesting stuff, many thanks for that link! So the
position seems to be that it may not be feasible to reverse MD5, but it
is now feasible to create forged documents / binaries / whatever that
result i
On Fri, June 10, 2005 3:01 pm, Jason Barnett said:
> That is incredibly interesting stuff, many thanks for that link! So the
> position seems to be that it may not be feasible to reverse MD5, but it
> is now feasible to create forged documents / binaries / whatever that
> result in exactly the sam
That is incredibly interesting stuff, many thanks for that link! So the
position seems to be that it may not be feasible to reverse MD5, but it
is now feasible to create forged documents / binaries / whatever that
result in exactly the same MD5 hash as the original.
I actually tried it out fo
On 4/22/05, Richard Lynch <[EMAIL PROTECTED]> wrote:
> On Thu, April 21, 2005 10:28 am, Ryan A said:
> > Interesting reading, even though most of it went over my head :-)
> > There ar'nt any tools freely available to the average joe to decypher a
> > md5
> > hash though...right?
>
> No, there aren
If you are happy with infinite answers, I guess that is Ok. In practice,
since you would probably wouldn't expect numbers (or strings) infinetly
long, assuming that you just have N possible initial values, you would have
N/3 possible answers.
I thought the question was about getting one answer
> > It's more like a theoretical "hole" that may some day prove to be the
> > first step in a long long long process of understanding something that
> > might maybe some day yield a way to de-crypt MD5.
>
> That's exactly my point.
>
> It's similar to how a local root exploit sometimes evolves in
On 4/22/05, Richard Lynch <[EMAIL PROTECTED]> wrote:
> It's more like a theoretical "hole" that may some day prove to be the
> first step in a long long long process of understanding something that
> might maybe some day yield a way to de-crypt MD5.
That's exactly my point.
It's similar to how a
I don't think that's right. Collisions allow certain kinds of
cryptographic attacks against things like MD5-based signatures but that
is not at all the same as being able to simply determine the original
message content from the digest. Rather, they allow you to substitute
the original message wi
On 21 Apr 2005 Greg Donald wrote:
> > Same thing with MD5, it
> > is just one way, it can't be reversed.
>
> MD5 collisions were found last year:
> http://cryptography.hyperlink.cz/md5/MD5_collisions.pdf
>
> Just a matter of time/cpu power.
I don't think that's right. Collisions allow certain
Hey,
> I really
> wouldn't sweat this in terms of your day-to-day life/programming,
> other than to keep your code modular enough to replace "md5" with
> something else in the year 2020 or whatever.
Thats fine by me, by 2020 the spaceship would have landed and I will be
declared
sub ruler of plan
On Thu, April 21, 2005 10:28 am, Ryan A said:
> Interesting reading, even though most of it went over my head :-)
> There ar'nt any tools freely available to the average joe to decypher a
> md5
> hash though...right?
No, there aren't.
And even the collisions found don't really mean much in the gr
Nope.. nothing that'll easily decrypt MD5 back to it's original value. As the
line below says and the rest of the thread explained, MD5 is a one-way
function. In ordre to take an MD5 hash and get back to the original value,
you'd basically have to take every possible combination of letters/num
Interesting reading, even though most of it went over my head :-)
There ar'nt any tools freely available to the average joe to decypher a md5
hash though...right?
Cheers,
-Ryan
On 4/21/2005 6:34:45 PM, Greg Donald ([EMAIL PROTECTED]) wrote:
> On 4/21/05, Satyam <[EMAIL PROTECTED]> wrote:
>
> >
On 4/21/05, Satyam <[EMAIL PROTECTED]> wrote:
> If I tell you that dividing a certain number by three gives you a remainder
> of 2, would you be able to guess the first number?
Yes. 5, 8, 11, 14, etc.
> Same thing with MD5, it
> is just one way, it can't be reversed.
MD5 collisions were found
17 matches
Mail list logo