In message <[email protected]>, "O. Hartmann" writes:
>MD5 seems to be compromised by potential collision attacks. No it is not. Single MD5 invocations with controlled plaintext allow you to construct appendages to the plaintext, which would result in identical MD5 hash values. This does not affect your passwords. 1. If you already know peoples password, why futz with the encryption of them ? 2. MD5 password hash is not single invocation, in fact MD5 i iterated more than a thousand times in various permutations. Nobody has any idea how to break that, short of brute force. Poul-Henning -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 [email protected] | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence. _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"
