[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Open Xlock as root

"Craig R.P. Heath" writes:
>But that's the point - "probably".  There is some chance of collisions,
>we agree, but who knows whether there are more collisions with the
>libcrypt algorithm or with the MD5 algorithm?

You mean, within 8-character password space?  You have to quantify
this to mean anything.

>Neither of us, it would
>seem.  I just referred to the relatively recent discovery that there
>were more collisions with MD5 than people had previously thought, as

It's hardly recent, something like three years old, I think.  And, if
we are talking about the same discovery, it's NOT that there are "more
collisions with MD5 than people had previously thought", it was that
for some inputs it is possible to massage them to come up with two
similar inputs with the same hash.  All sample attacks were relatively
long, and the attack was just slightly more successful than a random

>an interesting point to demonstrate that no one has proved the MD5
>algorithm to be a better one.  I don't know if it is, you obviously
>don't know if it is, why don't we both shut up until someone comes
>along who does?

The whole point is moot because the "md5" password hash we use is only
based on md5 and has not been cryptanalyzed to the best of my knowledge.
There is no particularly good reason to believe that the quality of the
hash is not degraded over 1000 rounds.

However, the point I have been trying to make (without success?) is
that the attack you cite is NOT EFFECTIVE in terms of cracking passwords,
and says absolutely nothing about real md5's applicability in a password
situtation.  The attack is a complete non-issue.

I was reading sci.crypt at the time the attack was discovered and read
every post about it.  My memory may have faded in the meantime, but I'm
not completely clueless about it.  If you want to read about it, go to
dejanews and read up on it.

The reason that folks use the 1000-round md5 over crypt is NOT because
of an analysis of collisions, but because it allows more than 8 characters
to be used, because it is standard across many OS'es, and because MD5
*has* been analyzed and found resistant to the kinds of attacks that are
made against passwords, and most people who even understand that 1000
rounds of md5 are being done are willing to give the benefit of the doubt
that it's similar to straight md5 in quality, since md5's general 
performance as a stirring function has been analyzed and found to be good.

I'm sorry that my attempt to participate in this discussion has pissed
you off at me.  Your insistance that you own the thread and get to
control what questions are considered within it seems pretty offensive
to me.  Furthermore, the question you are trying to ask is too ill-formed
to admit an answer that doesn't involve asking more questions or making
assumptions about what you are trying to ask.


"Magazines all too frequently lead to books and should be regarded by the
 prudent as the heavy petting of literature."            -- Fran Lebowitz
 Linux Application Development     http://people.redhat.com/johnsonm/lad/

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []