Yes.  Unless salting is used, a given password becomes the same md5 string
every time.  So, if two users have the same password, you can find out by
matching equal md5 hashes.  

You can't reverse the hash (it is one-way...) but you can do the same
technique you use with other hashed passwords to crack them, like
traditional UNIX passwords:

compare the target md5 hash to hashes of common passwords.  When you get a
match, you've found the password.  I don't know the speed comparison of
md5 versus the 25 rounds of DES done on a UNIX password, but I imagine
it's faster.

Do the new RedHat 6.x md5 passwords utilize salting?

-Jason

On Wed, 23 Feb 2000, Javier Romero wrote:

> Date: Wed, 23 Feb 2000 11:59:16 -0500
> From: Javier Romero <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: MD5
> 
> Hi Sirs.
> 
> Is it possible to unveil MD5 passwords?
> 
> If so, how much time does it take?
> 
> Thx.
> 
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
> 


AT&T Wireless Services
IT Security
UNIX Security Operations Specialist
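
An added example, not part of the original message: a defender-side audit of the point made above, showing that unsalted MD5 gives identical hashes for identical passwords and that a per-user salt removes that match. The account names, passwords, wordlist and the choice of PBKDF2-HMAC-SHA256 are constructed assumptions for illustration.

```python
import hashlib
import os
from collections import defaultdict

# Constructed sample accounts and wordlist (not from the original message).
USERS = {"alice": "letmein", "bob": "winter2000", "carol": "letmein"}
COMMON = ["password", "123456", "letmein"]


def md5_unsalted(password):
    """Plain MD5 of the password: same input always gives the same hash."""
    return hashlib.md5(password.encode()).hexdigest()


def salted_record(password, salt=None):
    """Per-user random salt with a slow KDF (assumed: PBKDF2-HMAC-SHA256)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt.hex(), digest.hex()


def shared_hash_groups(hash_by_user):
    """Return sorted groups of users whose stored hash is identical."""
    groups = defaultdict(list)
    for user, stored in hash_by_user.items():
        groups[stored].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


def audit_common(hash_by_user, wordlist):
    """Flag accounts whose unsalted hash equals the hash of a common password."""
    table = {md5_unsalted(w): w for w in wordlist}
    return {u: table[h] for u, h in hash_by_user.items() if h in table}


unsalted = {u: md5_unsalted(p) for u, p in USERS.items()}
salted = {u: salted_record(p)[1] for u, p in USERS.items()}

if __name__ == "__main__":
    print("unsalted duplicates:", shared_hash_groups(unsalted))
    print("salted duplicates:  ", shared_hash_groups(salted))
    print("weak passwords:     ", audit_common(unsalted, COMMON))
```

With salting, one precomputed table of common-password hashes no longer applies to every account, and equal passwords no longer show up as equal stored values.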
