On Sat, Mar 17, 2007 at 01:26:21PM +0100, Grzegorz B?ach wrote: > Brute-force algoritm with collision can take password 100 time faster > than brute-force without brute-force.
Again, password hashes are *not* simple MD5 hashes. They are not even simple salted MD5 hashes. That doesn't mean that a collision is not possible against them, but at least not the stnadard versions everyone is talking about. Joerg