
Thread: MD5 - Not as safe as once believed

  1. #21
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255
    Originally posted here by The Grunt
    Slack uses it by default IIRC.
    No, it doesn't.
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    "Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?

  2. #22
    Senior Member
    Join Date
    Oct 2002
    Posts
    1,130
    I think the technical infeasibility of generating a specific file to match a specific MD5 sum is irrelevant. Try to prove the integrity of your evidence in a courtroom using MD5 sums, and watch the defence come up with two files like this. Now watch yourself stutter and stammer.

    No jury cares how technically infeasible it is. They see two different files with the same signature and they see an unreliable algorithm. Therefore they see compromised evidence, or at least reasonable doubt.

    Which, for all intents and purposes, makes MD5 about as useful as CRC32 in a courtroom now.
    Government is like fire - a handy servant, but a dangerous master - George Washington
    Government is not reason, it is not eloquence - it is force. - George Washington.

    Join the UnError community!

  3. #23
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Slackware = DES I think.

  4. #24
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,024
    DES?
    [H]ard|OCP <--Best hardware/gaming news out there--|
    pwned.nl <--Gamers will love this one --|
    Light a man a fire and you'll keep him warm for a day, Light a man ON fire and you'll keep him warm the rest of his life.

  5. #25
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Most Linuxes I've seen default with DES. MD5 and Blowfish are an option. DES means compatible with more OSs, while Blowfish isn't, but to me I would rather use Blowfish.
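The schemes argued over in this post and the ones above (traditional DES crypt, the MD5 `$1$` option, and Blowfish in the form of bcrypt `$2y$`) can be told apart from the prefix of the hash field in /etc/shadow. The following is an added example, not code from this thread or any poster: a small Python audit that classifies each entry by its crypt(3) prefix and flags the DES and MD5 schemes (plus empty password fields). The shadow lines are constructed with synthetic hash strings, and the "acceptable" policy is this example's own, not anything stated in the thread.

```python
import re

# Constructed /etc/shadow-style lines (synthetic hash strings, not real
# credentials); only the shape and prefix of the hash field matter here.
SAMPLE_SHADOW = """\
root:$6$abcdefgh$Q0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcde:19000:0:99999:7:::
legacy:$1$abcdefgh$0123456789abcdefghijklmnopqrstuv:19000:0:99999:7:::
old:abJ1kQ7v9Xz3W:19000:0:99999:7:::
app:$2y$10$abcdefghijklmnopqrstuuABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abc:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
svc:!$6$abcdefgh$0123456789abcdefghijklmnopqrstuv:19000:0:99999:7:::
"""

# crypt(3) prefix -> (scheme name, acceptable under this example's policy).
# The policy is the example's own: DES and md5crypt are flagged, the rest pass.
PREFIXES = [
    ("$1$",  "md5crypt",    False),
    ("$2a$", "bcrypt",      True),
    ("$2b$", "bcrypt",      True),
    ("$2y$", "bcrypt",      True),
    ("$5$",  "sha256crypt", True),
    ("$6$",  "sha512crypt", True),
]

# Traditional DES crypt: exactly 13 characters from ./0-9A-Za-z, no '$'.
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")


def classify_hash(field):
    """Return (scheme, acceptable) for one shadow hash field."""
    if field == "":
        # An empty field means no password is required at all.
        return ("empty-password", False)
    if field == "*" or field.startswith("!"):
        # '*' or a leading '!' means no usable password / locked account.
        return ("locked-or-none", True)
    for prefix, name, ok in PREFIXES:
        if field.startswith(prefix):
            return (name, ok)
    if DES_RE.match(field):
        return ("des-crypt", False)
    return ("unknown", False)


def audit_shadow(text):
    """Return a list of (user, scheme, acceptable) for each non-empty line."""
    results = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue
        scheme, ok = classify_hash(fields[1])
        results.append((fields[0], scheme, ok))
    return results


def weak_accounts(text):
    """Usernames whose stored hash uses a scheme the policy rejects."""
    return [user for user, _, ok in audit_shadow(text) if not ok]


if __name__ == "__main__":
    for user, scheme, ok in audit_shadow(SAMPLE_SHADOW):
        print(f"{user:8} {scheme:16} {'ok' if ok else 'WEAK'}")
```

Run it against a real shadow file by reading the file into `audit_shadow`; the prefix table is the part to extend if a distribution uses a scheme not listed here (for example yescrypt's `$y$`).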

  6. #26
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    Erm, since when do *nixes use MD5 to store passwords? Have I been asleep?
    Do I really have to answer that? LOL.

    Actually, I think it's more of a matter of you not being born yet. There are many older *nix systems that use MD5 to hash passwords. We have several of these dinosaurs as do many Governments.

    I think you are failing to recognize the actual scope of the issue.
    You are focusing solely on the technical implications. My point is that the technical ramifications are shadowed (for now) by the legal ones. As someone pointed out, a NIST approved hashing algorithm will no longer hold water in court, or in my case, Government. I don't think it's outside of reason to believe that someone will indeed find a way to further exploit collisions.

    Additionally, your dislike for Tripwire seems misguided given that it can use other hashing algorithms.
    My dislike for Tripwire lies with their sales clowns telling me that they offer an impenetrable product when in fact we all know there are papers freely available that detail how to beat Tripwire. This isn't, in my opinion, misguided. However, to be fair, yes, they do offer additional hashing algorithms.


    As always, nice doin business with ya chsh.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  7. #27
    Senior Member Maestr0's Avatar
    Join Date
    May 2003
    Posts
    604
    I would just like to note that MD5 was developed in '91 by good ole RR. To avoid the export restrictions on DES (the UNIX default) some BSDs (Free maybe?) use MD5 by default. As far as MD5, this is not a preimage attack, it's a collision, and theoretically all hashes have collisions, so take that to court. Hash functions are NOT encryption functions. Anyone relying on a HASH function only without an actual encryption routine is not a real attempt at security anyhow.


    P.S. Tim_Axe is the only person in this thread who appears to know WTF he's talking about,


    -Maestr0
    "If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software." -Jaron Lanier

  8. #28
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255
    Originally posted here by thehorse13
    Do I really have to answer that? LOL.
    Actually, I think it's more of a matter of you not being born yet. There are many older *nix systems that use MD5 to hash passwords. We have several of these dinosaurs as do many Governments.
    Yes, you do because really, your response here is contrary to your wildly exaggeratory "almost every *nix on the planet". It's an OPTION, not a DEFAULT, and I would wager not widely in use.
    Oh, FYI, I was born in 1981, well before the advent of MD5, since you are evidently too lazy to read my profile. I even used unixes back in the early 90s too.

    You are focusing solely on the technical implications. My point is that the technical ramifications are shadowed (for now) by the legal ones. As someone pointed out, a NIST approved hashing algorithm will no longer hold water in court, or in my case, Government. I don't think it's outside of reason to believe that someone will indeed find a way to further exploit collisions.
    I was focusing on the technical implications because that was where my disagreement lay. Of course in court it will be an issue, I agree with that.
    At any rate, some of what you posted is blatantly overblown:
    To better understand my issue, let's say that you have some PWs that are hashed and you are able to mod a PW to match the original MD5 hash, the new PW you set will work so you no longer have to brute force or crack PWs that are MD5 hashed. This is only one example of collisions (other algorithms have the same issue) but think of what will happen when exploits/softwarez come out that allow for quick controlled collisions.
    Show me a collision for a 30 character password, then one for a 20 character password, then one for a 10 character password. I will be genuinely surprised.
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    "Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?

  9. #29
    Senior Member
    Join Date
    Oct 2002
    Posts
    1,130
    P.S. Tim_Axe is the only person in this thread who appears to know WTF he's talking about,
    And does that make you smarter because you were, in your own insignificant opinion, able to realize that?

    What difference does it make if I don't know what I'm talking about? That's why I come here. If I post anything incorrectly, I would hope that somebody points out my error. If everyone knew what they were talking about, nobody would come here. Do you think you're insulting us by telling us this, or that this is some kind of epiphany for us?

    BTW, Horsey has already forgotten more than you will ever know in this matter. The fact that you can quote a few historical and Googleable facts in a discussion forum proves nothing. Telling us all that we know nothing also proves nothing except the fact that you somehow believe that you can make that judgement.

    And just for your sake, hash algorithms and public key encryption algorithms are essentially the same thing. They're what people call one way algorithms, meaning that in both cases, one cannot compute the original input (i.e. the original message or the prime factors of a private key) if one knows only the output (i.e. the digest or the public key).

    I am aware that I know nothing. That's why I'm here. My education is nothing but the continued discovery of my own ignorance.

    In the future, please confine your insults to private messages where they will not degrade this forum.
    Government is like fire - a handy servant, but a dangerous master - George Washington
    Government is not reason, it is not eloquence - it is force. - George Washington.

    Join the UnError community!

  10. #30
    Show me a collision for a 30 character password, then one for a 20 character password, then one for a 10 character password. I will be genuinely surprised.
    If it were possible, wouldn't it be seen in a rainbow table? I wonder how big the biggest rainbow table is...
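Several posts above (the "not a preimage attack, it's a collision" remark in #27, the password-matching scenario and the "show me a collision for a 30 character password" challenge in #28, and the rainbow-table question here) turn on the difference between a collision, where the attacker picks both messages, and a (second) preimage, where the target hash is fixed in advance by someone else, which is what matching a stored password hash would require and what a rainbow table precomputes. The following added example, not code from this thread or any poster, makes that gap concrete: on MD5 truncated to n bits, a birthday-style search finds a collision in about 2^(n/2) hash evaluations, while matching a fixed target costs about 2^n. Truncating to 20 bits is an assumption made so both searches finish in seconds; the message seeds and the stand-in password are constructed.

```python
import hashlib
import itertools

NBITS = 20  # assumption: truncate to 20 bits so both searches finish in seconds


def truncated_md5(data: bytes, nbits: int = NBITS) -> int:
    """MD5 of data, keeping only the top nbits as an integer."""
    digest = hashlib.md5(data).digest()
    return int.from_bytes(digest, "big") >> (128 - nbits)


def find_collision(nbits: int = NBITS, seed: bytes = b"msg-"):
    """Birthday search: any two distinct messages with equal truncated hash.
    Expected cost is roughly 2**(nbits/2) evaluations, because every new
    message is compared against everything seen so far."""
    seen = {}
    for i in itertools.count():
        m = seed + str(i).encode()   # constructed, all distinct
        h = truncated_md5(m, nbits)
        if h in seen:
            return seen[h], m, i + 1  # (msg_a, msg_b, trials)
        seen[h] = m


def find_second_preimage(target_msg: bytes, nbits: int = NBITS,
                         seed: bytes = b"alt-"):
    """Brute force a message whose truncated hash equals that of target_msg.
    Expected cost is roughly 2**nbits evaluations: the target is fixed, so
    the birthday shortcut does not apply."""
    target = truncated_md5(target_msg, nbits)
    for i in itertools.count():
        m = seed + str(i).encode()
        if m != target_msg and truncated_md5(m, nbits) == target:
            return m, i + 1           # (msg, trials)


def compare(nbits: int = NBITS):
    """Run both searches and return (collision_trials, preimage_trials)."""
    a, b, collision_trials = find_collision(nbits)
    assert a != b and truncated_md5(a, nbits) == truncated_md5(b, nbits)
    stored = b"hunter2"  # constructed stand-in for a password whose hash is stored
    m, preimage_trials = find_second_preimage(stored, nbits)
    assert truncated_md5(m, nbits) == truncated_md5(stored, nbits)
    return collision_trials, preimage_trials


if __name__ == "__main__":
    c, p = compare()
    print(f"{NBITS}-bit truncated MD5: collision after {c} trials, "
          f"second preimage after {p} trials "
          f"(expected ~{2 ** (NBITS // 2)} vs ~{2 ** NBITS})")
```

The ratio is the point: a collision result lets an attacker produce two inputs of their own choosing with the same digest, which is the courtroom problem described earlier in the thread, but it does not by itself produce an input matching a digest someone else already stored, which is the password case and the one a rainbow table addresses by precomputing digests of candidate inputs.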
