OK, you're not really "breaking" md5. If the attacker already knows
the information being encrypted, then all you're testing is the
concatenation order- Surely the information is more important than the
order? md5 is a one way hash function, and so using an alternate
algorithm will provide no benefit whatsoever; you're just running
through 9 permutations.
Kind Regards,
Neil.
On 11/2/05, Mark R. Dingee <mark.dingee@cox.net> wrote:
> Mike & Tom,
>
> The script I'm using to "break" md5 presumes that the cracker knows the 3
> elements being concatenated together to form the plain-text sting which is
> then passed into md5. The method I'm using then begins running through
> various permutations. Do you believe that the methodology is appropriate or
> that I'm being a bit paranoid?
>
> Thanks
>
> On Tuesday 01 November 2005 05:13 pm, Tom Lane wrote:
> > "Mark R. Dingee" <mark.dingee@cox.net> writes:
> > > md5 works, but I've been able to
> > > brute-force crack it very quickly,
> >
> > Really? Where's your publication of this remarkable breakthrough?
> >
> > regards, tom lane
> >
> > ---------------------------(end of broadcast)---------------------------
> > TIP 1: if posting/reading through Usenet, please send an appropriate
> > subscribe-nomail command to majordomo@postgresql.org so that your
> > message can get through to the mailing list cleanly
>
> On Wednesday 02 November 2005 04:26 am, Mario Splivalo wrote:
> > On Tue, 2005-11-01 at 17:13 -0500, Tom Lane wrote:
> > > "Mark R. Dingee" <mark.dingee@cox.net> writes:
> > > > md5 works, but I've been able to
> > > > brute-force crack it very quickly,
> > >
> > > Really? Where's your publication of this remarkable breakthrough?
> >
> > I'd say you can't bruteforce md5, unless you're extremley lucky.
> > However, md5 is easily broken, you just need to know how to construct
> > the hashes.
> >
> > One could switch to SHA for 'increaased' security.
> >
> > Although I don't think he'd be having problems using MD5 as he described
> > it. I'd also lilke to see he's example of brute-force 'cracking' the MD5
> > digest.
> >
> > Mike
>
> ---------------------------(end of broadcast)---------------------------
> TIP 1: if posting/reading through Usenet, please send an appropriate
> subscribe-nomail command to majordomo@postgresql.org so that your
> message can get through to the mailing list cleanly
>