|
Penetration Testing
mailing list archives
Re: Insecure Hash Algorithms (MD5) and NTLMv2
From: Daniel Miessler <daniel () dmiessler com>
Date: Thu, 3 Nov 2005 23:44:39 -0500
On Nov 2, 2005, at 1:54 AM, Steve Friedl wrote:
The only weakness that's really in the air is Collision Resistance,
where we can produce two inputs with the same hash. This is of only
minor concern in a practical sense, though it certainly does mean that
blood is in the water and sharks are circling.
Exactly my point. To put it another way, the ability to create
collisions has no bearing on the ability of an attacker to find
unknown inputs to known hashes. Or, in the technical terms that you
highlighted, attacks against collision resistance don't necessarily
lead to attacks on preimage resistance.
Hence, for the purposes of breaking hashes to discover passwords,
NTLMv2 is not significantly affected by the recently discovered
weaknesses in the MD5 hashing algorithm.
--
Daniel R. Miessler
M: daniel () dmiessler com
W: http://dmiessler.com
G: 0x316BC712
Attachment:
PGP.sig
Description: This is a digitally signed message part
 By Date 
By Thread
Current thread:
|
Intro
