On Tue, 2007-02-06 at 11:39 +0200, Peter wrote:
> On Tue, 6 Feb 2007, Amos Shapira wrote:
>
> > On 06/02/07, Peter <[EMAIL PROTECTED]> wrote:
> >>
> >> 1. There are no irreversible single-factor functions. There are
> >> functions that are difficult to reverse now but may not be tomorrow.
> >> This is already proven for MD5 and SHA-1.
> >
> > If by that you refer to examples of being able to find two or more different
> > messages with the same MD5 or SHA-1 digest then you are right, but it's
> > still impossible to take a SHA-1 digest of limited number of bits and
> > reverse it to the original message, fortunately.
>
> Yes of course but if someone manages to fake being 'you' when logging in
> to a $pay service using a duplicated md5 authentication then it is
> called 'irreversibly broken' <pun> imho. That is not yet the case afaik
> but ...

Not only is this not the case now, it's massively harder to do than
simply coming up with two messages that digest to the same hash. So much
harder, that I'm going to assume that it cannot be done in the
lifetime of a message digest algorithm (and MD5 is still being widely
used and will continue to be so in the near future).

In order for me to sign in to your account using a duplicated MD5
authentication (as you put it), not only do I have to know what your
password MD5 hashes to - which can be prevented easily and almost no one
sends MD5 hashes to/from the client in the clear - I have to then guess
a secret that hashes to that MD5, effectively reversing the hashing
function (for the purpose of authentication, it doesn't matter if I
reverse the hash and get your secret, or get a different secret that
hashes to the same digest). In short - what Amos said.

--
Oded
::..
Shaw's Principle:
Build a system that even a fool can use, and only a fool will want
to use it.
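
The distinction drawn in this thread (finding any two messages that collide versus finding an input for a digest that is fixed in advance), as an added example that is not part of the original message. It truncates MD5 to a constructed 16-bit toy digest so both searches finish quickly; the function names, labels and the 16-bit size are assumptions for illustration. For an n-bit digest the first search costs about 2^(n/2) hashes and the second about 2^n.

```python
import hashlib
from itertools import count

BITS = 16  # constructed toy digest size; real MD5 is 128 bits


def toy_digest(msg: bytes, bits: int = BITS) -> int:
    """Top `bits` bits of MD5(msg): a deliberately tiny hash for the demo."""
    full = int.from_bytes(hashlib.md5(msg).digest(), "big")
    return full >> (128 - bits)


def find_collision(label: str, bits: int = BITS):
    """Searcher chooses BOTH messages: stop at the first repeated digest."""
    seen = {}
    for n in count():
        msg = f"{label}-msg-{n}".encode()
        d = toy_digest(msg, bits)
        if d in seen:
            return seen[d], msg, n + 1  # the two messages, hashes computed
        seen[d] = msg


def find_preimage(target: int, label: str, bits: int = BITS):
    """Digest is fixed by someone else: guess until one input matches it."""
    for n in count():
        guess = f"{label}-guess-{n}".encode()
        if toy_digest(guess, bits) == target:
            return guess, n + 1  # matching input, hashes computed


def average_work(trials: int = 16, bits: int = BITS):
    """Mean hash evaluations for each search over independent runs."""
    coll = pre = 0
    for t in range(trials):
        coll += find_collision(f"c{t}", bits)[2]
        secret = f"constructed-secret-{t}".encode()  # constructed sample secret
        pre += find_preimage(toy_digest(secret, bits), f"p{t}", bits)[1]
    return coll / trials, pre / trials


if __name__ == "__main__":
    coll, pre = average_work()
    print(f"{BITS}-bit digest: collision ~{coll:.0f} hashes, "
          f"preimage ~{pre:.0f} hashes")
```

The input returned by `find_preimage` differs from the constructed secret yet produces the same digest, which is the case the message describes as equivalent for authentication.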