Date: Sat, 30 May 1998 12:40:30 -0700 (PDT) From: Steve Reid <sreid@alpha.sea-to-sky.net> To: "J.A. Terranson" <sysadmin@mfn.org> Cc: "'Gary Palmer'" <gpalmer@FreeBSD.ORG>, Open Systems Networking <opsys@mail.webspan.net>, Cory Kempf <ckempf@enigami.com>, "freebsd-security@FreeBSD.ORG" <freebsd-security@FreeBSD.ORG> Subject: RE: MD5 v. DES? Message-ID: <Pine.LNX.3.95.iB1.0.980530121236.20263A-100000@alpha.sea-to-sky.net> In-Reply-To: <01BD8BC3.962CBD80@w3svcs.mfn.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 30 May 1998, J.A. Terranson wrote: > Within this context, I would submit that DES is the "better" > function, as it is not subject to "birthday" problems, I do realize > however, in the *real* world, this is probably not a *real* issue... As far as I know, all hash functions are subject to birthday attacks, including DES when it is used as a hash function. In fact, DES-based crypt is more vulnerable to birthday attacks than MD5, because the DES hash produces fewer bits. Birthday attacks don't really work against password files though: you'd need to have billions of users before you are likely to have two with different password/salt but the same DES hash. As for DES and MD5 being apples and oranges, that's not quite true. There are constructions to use block ciphers as hash functions, and constructions to use hash functions as block ciphers. Still, you are better off using the right tool for the job, which in the case of crypt is MD5 (when you have the choice). To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.3.95.iB1.0.980530121236.20263A-100000>