On Wed, 2005-11-16 at 18:31 +0100, Wim Bertels wrote:
> On Wed, 2005-11-16 at 10:29 -0500, Tom Lane wrote:
> > Wim Bertels <wim.bertels@khleuven.be> writes:
> > > the sourcecode of a md5 collision generator has been released,
> > > it takes about 45 minutes to generate.
> > > ..so to an "eve" with this knowledge md5 is almost the same as plain text..
> >
> > Really?
> >
> > The fact that you can construct pairs of strings with matching md5
> > hashes does not mean that you can find a string with the same md5 hash
> > as a given string.
> >
> > The existence of this algorithm is disturbing, since it implies that MD5
> > is weaker than people thought, but it IS NOT a useful password cracker,
> > and there's no reason for immediate panic.
>
> agreed, the given "picture" was too simple
looked around a bit,
didn't know it was so easy:
http://www.antsight.com/zsl/rainbowcrack/#Rainbow%20Table
http://www.antsight.com/zsl/rainbowcrack/demo_rainbowcrack_cfg_md5_loweralpha-numeric,1-8.txt
plaintext of a1668f5f1ca8bb7214be760580a17dba is cf4sl1q5 ..
>
> >
> > regards, tom lane
