> The paper is NOT about MD5 password hashes. > > The paper is about creating two documents with the > same MD5 hash. > I'm not sure but even the problem of taking a random > hash and creating a > document with that particular hash is unsolved. > > This has little or no significance when it comes to > md5 password > hashing which is a completely different beast > altogether. [snip] > Right. But at this point there is nothing to suggest > even a theoretical > attack on MD5 password hashing. > > The only reason why we sat together and defined a SHA > based password hash > with other vendors is because of the "MD5 is broken, > therefor MD5 password > hashing must be broken also" knee-jerk reaction which > is more a sign of the > immaturity of the computer security industry than > anything else.
What you're basically saying is, if you can't fathom how somebody could use the information from that document to brute force an MD5 hash, it doesn't have anything to do with it. You do know that busting MD5 hashes is as easy as cutting & pasting them into Google? This message posted from opensolaris.org _______________________________________________ opensolaris-discuss mailing list [email protected]
