| View previous topic :: View next topic |
| Author |
Message |
senshi
-
Joined: 05 Nov 2003
Posts: 385
Location: UK
|
 Posted: Fri Aug 27, 2004 1:23 pm Post subject: MD5 cracked |
 |
|
http://www.mail-archive.com/cryptography@metzdowd.com/msg02579.html
was pointed to on the net.
Now I have a question, because in a forum about that topic (link above), the discussion was talking about MD5 hashes in particular and that MD5 is not secure, it is a HASH and not a secure method of encrypting data that needs to be kept secure.
The article started the MD5 hash talk going. IM intrested in what Aprelium has to say about the subject of encrypting passwords, I am after all a bit disturbed by the fact that MD5 has been cracked. |
|
| Back to top |
  |
 |
aprelium-beta
-
Joined: 24 Jun 2004
Posts: 383
|
| Posted: Fri Aug 27, 2004 4:54 pm Post subject: Re: MD5 cracked |
|
|
senshi,
MD5 is not an encrytion algorithm. It is a hash generation algorithm. So there is no chance to recover the "hashed" data simply by reversing operations. If this was the case, you would recover a 1 GB file simply from its 128 bit MD5 hash!
The article you cite is speaking about a derivative of MD5 algorithm that is weak because its authors haven't used "good" initialization values. Abyss uses the standard MD5 algorithm as published by RSA (and as explained in the MD5 RFC) and doesn't depend on the platform endianness (as the article suggests with this derivative MD5.) So our implementation isn't affected by these problems (if it was, we can site at least 1000 other widely used applications that use the same algorithm and that would be affected.)[/list]
_________________
Beta Testing Team
Aprelium - http://www.aprelium.com |
|
| Back to top |
 |
|
senshi
-
Joined: 05 Nov 2003
Posts: 385
Location: UK
|
| Posted: Fri Aug 27, 2004 8:01 pm Post subject: |
|
|
Ok.
Thanks for enlightening me. |
|
| Back to top |
|
|
|
