At 05:31 AM 10/20/95 -0700, tomw@engr.sgi.com wrote:
To date, MD5 appears to be a secure hash. If you manage to find a way to reverse it, please let us all know.
There are a couple of analytically known collisions, and a birthday attack can generate more after a mere 2**64 tries or so; for some applications, this can be a problem (e.g. a if a collision between real input and random-trash input can let you get the system to do something unexpected by handing it the random-trash input.) Also, you can easily MD5-hash a dictionary of a billion wimpy passphrases to let you catch people who use wimpy passphrases, and similarly hash a dictionary of a billion reasonably-probable plaintexts for applications that have reasonably-probable plaintexts that leave the hashes in plain view (e.g. checksums for messages like "send $X to account Y"); this kind of attack works for any hash, including cryptographically strong hashes, as long as the system being attacked lets you crack it by reversing a hash and doesn't use salt in its hashes.
Sure we spend a lot of money, but that doesn't mean | Tom Weinstein we *do* anything. -- Washington DC motto | tomw@engr.sgi.com
But Washington not doing anything is *good* :-) #--- # Thanks; Bill # Bill Stewart, Freelance Information Architect, stewarts@ix.netcom.com # Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281 #---