> -----Original Message-----
> From: Dennis Dai [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, 24 February 2000 7:13 AM
> To: Javier Romero; [EMAIL PROTECTED]
> Subject: RE: MD5
>
> I can't remember where I saw it on the web. They claimed to be able to find
> the original message from MD5 hash using a $10M machine in 10 days. Anyone
> else got the URL?

You might have read this from the RSA Cryptography FAQ (You can get there from www.rsa.com). Here's the quote:

Van Oorschot and Wiener [VW94] have considered a brute-force search for collisions (see Question 2.1.6) in hash functions, and they estimate a collision search machine designed specifically for MD5 (costing $10 million in 1994) could find a collision for MD5 in 24 days on average. The general techniques can be applied to other hash functions.

> > -----Original Message-----
> > From: Javier Romero [SMTP:[EMAIL PROTECTED]]
> > Sent: Wednesday, February 23, 2000 8:59 AM
> > To: [EMAIL PROTECTED]
> > Subject: MD5
> >
> > Hi Sirs.
> >
> > Is possible unveil MD5 passwords?

Yes.

> > If it is so, How time take it?

Depends if your password is "Javier". ;)

> > Thx.

But seriously, the most common attacks on MD5 passwords will be guessing attacks. Given that most user passwords live in [a-zA-Z0-9] it's much easier to do it that way than using some majick NSA MD5-o-tron.

The use of salts prevents large precomputed files being used to crack your passwords in seconds flat (so I'm assuming a big "Yes" to the guy who asked if Linux MD5 passwords still use salts) and means that the hashes need to be computed for each password.

If your password turns up in a cracking dictionary then it will all be over in seconds. If it is a derivative or if it inhabits [a-zA-Z0-9] then it might take an hour or two on a fast box. If you use a good password then it depends on the patience of the attacker. There is no hard and fast rule, unfortunately.

Cheers,

--
Ben Nagy
Network Consultant, CPM&S Group of Companies
PGP Key ID: 0x1A86E304 Mobile: +61 414 411 520
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
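
Added example (not part of the original thread): a small password-file audit showing the point about salts made above. A table precomputed once matches an unsalted hash instantly but misses every salted one, so the dictionary has to be re-hashed for each account. The accounts, salts and word list are constructed, and plain MD5(salt || password) is an assumption standing in for the real md5-crypt scheme.

```python
import hashlib

# Constructed sample data, not taken from any real system.
DICTIONARY = ["password", "letmein", "Javier", "qwerty"]
ACCOUNTS = {  # user -> (salt, password); salts are fixed so the run is repeatable
    "alice": (b"k3", "Javier"),
    "bob": (b"Zq", "Javier"),
    "carol": (b"7p", "v9#Lr!2mXw"),
}

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def salted_hash(salt: bytes, password: str) -> str:
    # Assumption: plain MD5(salt || password). Real md5-crypt is more
    # involved, but the salt plays the same role.
    return md5_hex(salt + password.encode())

def precomputed_table(words):
    """Hash every word once, unsalted: hash -> word."""
    return {md5_hex(w.encode()): w for w in words}

def shadow_file(accounts):
    """What ends up stored on disk: user -> (salt, hash)."""
    return {u: (s, salted_hash(s, p)) for u, (s, p) in accounts.items()}

def audit(shadow, words):
    """Flag accounts whose password is in the word list.
    Returns (weak_users, hashes_computed); the work is redone per salt."""
    weak, computed = {}, 0
    for user, (salt, stored) in shadow.items():
        for w in words:
            computed += 1
            if salted_hash(salt, w) == stored:
                weak[user] = w
                break
    return weak, computed

if __name__ == "__main__":
    table = precomputed_table(DICTIONARY)
    shadow = shadow_file(ACCOUNTS)
    print("unsalted lookup:", table.get(md5_hex(b"Javier")))
    print("salted hashes found in table:",
          [u for u, (_, h) in shadow.items() if h in table])
    print("audit (weak users, hashes computed):", audit(shadow, DICTIONARY))
```

alice and bob share a password yet store different hashes, and only the per-salt audit flags them; carol's password is not in the word list and is not flagged.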
