mailing list archives
Re: MD5 To Be Considered Harmful Someday
From: Gandalf The White <gandalf () digital net>
Date: Tue, 07 Dec 2004 22:36:27 -0600
Greetings and Salutations:
In my first e-mail I meant to congratulate Dan Kaminsky for the fine work
and write-up he did. Excellent.
On 12/7/04 10:01 PM, "David Schwartz" <davids () webmaster com> wrote:
From my reading it appears that you need the original source to create the
doppelganger blocks. It also appears that given a MD5 hash you could not
create a input that would give that MD5 back. Passwords encoded with MD5
would not fall prey to your discovery. Is this correct?
Correct. You will never be able to find the input given an MD5 hash. It
might be possible to, eventually, come up with an input that has the same
hash given just the hash, but you could never know if that was the original
input or not. (At least, not in general.)
That is the worry that I have for MD5 hashed passwords. It doesn't matter
that you get the *correct* password, just that you have input that will hash
(collide) to the correct MD5 hash.
What I am worried about is the integrity of MD5 hashed passwords. This
concern is for both Cisco and *NIX passwords. Lets say that I have a
"ThisIsMySecretPassphrase" MD5 = $1$Vjuf$t5QYnzXL0Sy4tThvqKDGa1
Lets say that I am very smart and I can use software that is able to
generate a collision in the passwords such that the MD5 hashes are the same,
say for example:
"AshEr37WesW28Er4E2" MD5 = $1$Vjuf$t5QYnzXL0Sy4tThvqKDGa1
It does not matter that I don't know the correct password, I have a password
that collides into the correct hash. I can log into the system with my
I just want to make sure that the MD5 hash passwords don't end up being as
easy to compute as the Cisco 7 passwords or the NTLM passwords. It actually
is beginning to sound like there might be enough of a hole in MD5 that "we"
(collectively) had better start working on SHA-2 hashed passwords ...
Do not meddle in the affairs of wizards for they are subtle and
quick to anger.
Ken Hollis - Gandalf The White - gandalf () digital net - O- TINLC
WWW Page - http://digital.net/~gandalf/
Trace E-Mail forgery - http://digital.net/~gandalf/spamfaq.html
Trolls crossposts - http://digital.net/~gandalf/trollfaq.html