WebApp Sec
mailing list archives
Re: MD5 math question
From: Charles Miller <cmiller () pastiche org>
Date: Sat, 7 Jan 2006 11:26:20 +1100
On 06/01/2006, at 12:06 PM, exon wrote:
> Charles Miller wrote:
>> From my back-of-the-envelope calculation, your intuition is
>> misplaced. :)
>>
>> Even if you assume only 6 bits of variance per password character
>> (which is just a-zA-Z0-9 plus two punctuation chars), that's
>> 2^144 possible 24-character passwords. MD5 is a 128 bit hash, so
>> that's 2^16 passwords for every hash value, or only a 1 in 65,000
>> chance that the first matching hash you come across in the password
>> space is, in fact, the correct password.
>
> Without knowing the correct password there is no way of knowing
> that the collision isn't it, and from a practical point of view it
> doesn't matter in the slightest.

It's unfeasible to brute-force 2^144 passwords anyway. It was just an
intellectual exercise.

There is, however, a significant theoretical difference between "some
data that hashes the same as a password" and the original password
itself. Most people re-use passwords between different applications.
The former will only be portable between apps that use the same
hashing algorithm and salt, while the latter will work everywhere.

> Considering the fact that MD5 has been broken though, I'm fairly
> surprised it even came up to discussion. It's not exactly hard to
> find info or even collision-generators.

The attack on MD5 is a collision attack, not a preimage attack. You
can create differing messages with identical hashes, but you don't
get to choose what that hash is. You can't match an existing hash any
easier than you could before.

http://www.cryptography.com/cnews/hash.html

This vulnerability makes MD5 unsuitable for certain cryptographic
applications, but it makes no difference to MD5 as a password-hashing
algorithm. The collision has to be generated by the person coming up
with the original data to be hashed, and I can't think of any way
someone could benefit from doing this on their own password.

Charles
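
The counting argument and the salt point in the message above, scaled down so the whole password space can be enumerated. This is an added example, not part of the original post; the 16-character alphabet, the 16-bit truncation of MD5, the sample password and both salts are constructed assumptions.

```python
import hashlib
from itertools import product

# Constructed toy parameters (not from the post): 4 bits per character,
# 5 characters = 2^20 passwords, hash truncated to 16 bits, so about
# 2^4 passwords share each hash value (the post's case is 2^144 vs 2^128).
ALPHABET = "abcdefghijklmnop"
PW_LEN = 5
HASH_BITS = 16


def toy_hash(password: str, salt: str) -> int:
    """Salted MD5 truncated to its top HASH_BITS bits."""
    digest = hashlib.md5((salt + password).encode()).digest()
    return int.from_bytes(digest, "big") >> (128 - HASH_BITS)


def preimages(target: int, salt: str) -> list:
    """All passwords in the toy space hashing to target, in search order."""
    space = map("".join, product(ALPHABET, repeat=PW_LEN))
    return [pw for pw in space if toy_hash(pw, salt) == target]


def experiment(real_pw: str, salt_a: str, salt_b: str):
    """Exhaust the space against app A's hash, then test each match on app B."""
    matches = preimages(toy_hash(real_pw, salt_a), salt_a)
    others = [pw for pw in matches if pw != real_pw]
    # A colliding string is only useful elsewhere if it also collides
    # under the other application's salt; the real password always does.
    want_b = toy_hash(real_pw, salt_b)
    portable = [pw for pw in others if toy_hash(pw, salt_b) == want_b]
    return matches, others, portable


if __name__ == "__main__":
    # Constructed sample password and salts.
    matches, others, portable = experiment("lemon", "app-A-salt", "app-B-salt")
    print(f"{len(matches)} passwords match the stored hash under salt A")
    print(f"real password is match #{matches.index('lemon') + 1} in search order")
    print(f"{len(portable)} of {len(others)} other matches also work under salt B")
```
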