Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

firewall-wizards logo Firewall Wizards mailing list archives

Re: strong passwords
From: miha () nil si
Date: Tue, 9 Jul 2002 13:37:18 +0200
Barney Wolff wrote:


You're looking at the wrong number.  The Birthday Paradox means that
*if you have 2^64 things* you've got about a 50:50 chance of finding two
that hash to the same value.  But you still have to look at about
2^127 things to find one with a hash equal to a desired one.  You're
much wiser to attack the password itself than MD5.



Now, I don't have my copy of Applied Cryptography ready, but isn't 50:50 
chance much too high? If I remember correctly it is more in the lines of: 
birthday attacks are possible, just not very likely, but finding something 
that hashes to the same value as a specific text/password is next to 
impossible ( very hard ).

Yes/No/Maybe?

---
  Miha Vitorovic

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]