Date: Wed, 18 Aug 2004 17:46:48 -0600 From: Brett Glass <brett@lariat.org> To: chris-freebsd@randomcamel.net, freebsd-security@freebsd.org Subject: Re: Report of collision-generation with MD5 Message-ID: <6.1.1.1.2.20040818174540.08540a60@localhost> In-Reply-To: <20040818205440.GL9800@zot.electricrain.com> References: <200408181724.i7IHORYl013375@bunrab.catwhisker.org> <20040818175804.GI346@cowbert.net> <41239B0C.1000703@rdslink.ro> <20040818182957.GK346@cowbert.net> <20040818205440.GL9800@zot.electricrain.com>
next in thread | previous in thread | raw e-mail | index | archive | help
At 02:54 PM 8/18/2004, Chris Doherty wrote: >what you can do, if you have a proper attack formula, is find *a* message >that produces *that one hash*. that is, if I have message M which produces >hash H, I can use the attack to find *a* message M' which will also >produce hash H. The thing is, passwords are short and have limited entropy. Chances are, if you find a password that produces the same hash, it's M. --Brett
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6.1.1.1.2.20040818174540.08540a60>