mailing list archives
Re: Determining the encryption used
From: Phoebe Tunstall <foibey () gmail com>
Date: Fri, 12 May 2006 20:42:44 +0100
-----BEGIN PGP SIGNED MESSAGE-----
On Fri, 12 May 2006 12:48:48 -0400
Tim <tim-pentest () sentinelchicken org> wrote:
> For the purpose of a one-way function, neither MD5 nor SHA1 has been
> broken. AFAIK, they are only vulnerable to collision attacks, not first
> preimage or second preimage attacks, which rely on different properties.
> Using these functions for specific purposes (such as hashing passwords)
> is perfectly fine right now.
I don't know a lot about these matters, but I was under the impression that if a password verification system is
checking passwords against a hash table, all you needed was a collision (as this would hash to the correct value in the
table and the comparison of the two would return true).
Is this really naive?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
-----END PGP SIGNATURE-----
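
The distinction raised in this exchange, as an added example that is not part of the original messages: a collision search lets the searcher pick both inputs, while passing a password check means matching one digest that is already fixed in the table. The toy hash (SHA-256 truncated to 16 bits), the function names and the sample password are assumptions made so both searches finish quickly.

```python
import hashlib
from itertools import count

BITS = 16  # toy digest size (assumption) so both searches finish quickly

def toy_hash(data: bytes) -> int:
    """SHA-256 truncated to BITS bits; stands in for a weak hash."""
    digest = hashlib.sha256(data).digest()
    return int.from_bytes(digest[:4], "big") >> (32 - BITS)

def find_collision():
    """Birthday search: ANY two distinct inputs sharing a digest."""
    seen = {}
    for n in count(1):
        msg = b"c-%d" % n
        h = toy_hash(msg)
        if h in seen:
            return seen[h], msg, n      # both inputs and hashes computed
        seen[h] = msg

def find_preimage(target: int):
    """Brute force: an input matching ONE fixed, given digest."""
    for n in count(1):
        msg = b"p-%d" % n
        if toy_hash(msg) == target:
            return msg, n               # input and hashes computed

def verify(stored: int, attempt: bytes) -> bool:
    """Password check as described in the post: hash, then compare."""
    return toy_hash(attempt) == stored

# Constructed sample: the digest sitting in the password table.
STORED = toy_hash(b"correct horse")

if __name__ == "__main__":
    a, b, tries_c = find_collision()
    # The colliding pair matches each other, not the stored digest
    # (except by a 1-in-2**BITS coincidence).
    print("collision after", tries_c, "hashes; accepted:",
          verify(STORED, a) or verify(STORED, b))
    guess, tries_p = find_preimage(STORED)
    print("preimage after", tries_p, "hashes; accepted:",
          verify(STORED, guess))
```

The collision search needs on the order of 2^(BITS/2) hashes and the preimage search on the order of 2^BITS; only the second produces an input the verifier accepts.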