Report of collision-generation with MD5
Brett Glass
brett at lariat.org
Wed Aug 18 16:46:58 PDT 2004
At 02:54 PM 8/18/2004, Chris Doherty wrote:
>what you can do, if you have a proper attack formula, is find *a* message
>that produces *that one hash*. that is, if I have message M which produces
>hash H, I can use the attack to find *a* message M' which will also
>produce hash H.
The thing is, passwords are short and have limited entropy. Chances are,
if you find a password that produces the same hash, it's M.
--Brett
More information about the freebsd-security
mailing list