Re: md5 collision generator - Mailing list pgsql-admin

From Wim Bertels
Subject Re: md5 collision generator
Date
Msg-id 1132163609.9204.21.camel@localhost.localdomain
Whole thread Raw
In response to Re: md5 collision generator  (Wim Bertels <wim.bertels@khleuven.be>)
List pgsql-admin
On Wed, 2005-11-16 at 18:31 +0100, Wim Bertels wrote:
> On Wed, 2005-11-16 at 10:29 -0500, Tom Lane wrote:
> > Wim Bertels <wim.bertels@khleuven.be> writes:
> > > the sourcecode of a md5 collision generator has been released,
> > > it takes about 45 minutes to generate.
> > > ..so to an "eve" with this knowledge md5 is almost the same as plain text..
> >
> > Really?
> >
> > The fact that you can construct pairs of strings with matching md5
> > hashes does not mean that you can find a string with the same md5 hash
> > as a given string.
> >
> > The existence of this algorithm is disturbing, since it implies that MD5
> > is weaker than people thought, but it IS NOT a useful password cracker,
> > and there's no reason for immediate panic.
>
> agreed, the given "picture" was too simple

looked around a bit,
didn't know it was so easy:
http://www.antsight.com/zsl/rainbowcrack/#Rainbow%20Table
http://www.antsight.com/zsl/rainbowcrack/demo_rainbowcrack_cfg_md5_loweralpha-numeric,1-8.txt
plaintext of a1668f5f1ca8bb7214be760580a17dba is cf4sl1q5 ..

>
> >
> >             regards, tom lane


pgsql-admin by date:

Previous
From: Scott Marlowe
Date:
Subject: Re: Suggested HW for postgres ?
Next
From: Colton A Smith
Date:
Subject: COPY and partitioning