[37651] in bugtraq
Re: MD5 To Be Considered Harmful Someday
daemon@ATHENA.MIT.EDU (Paul Wouters)
Wed Dec 8 18:30:14 2004
Date: Wed, 8 Dec 2004 21:48:00 +0100 (MET)
From: Paul Wouters <paul@xtdnet.nl>
To: Gandalf The White <gandalf@digital.net>
Cc: davids@webmaster.com, Dan Kaminsky <dan@doxpara.com>,
BugTraq <bugtraq@securityfocus.com>
In-Reply-To: <BDDBE0EB.19C58%gandalf@digital.net>
Message-ID: <Pine.LNX.4.61.0412082146190.31218@expansionpack.xtdnet.nl>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
X-MailScanner-From: paul@xtdnet.nl
On Tue, 7 Dec 2004, Gandalf The White wrote:
> What I am worried about is the integrity of MD5 hashed passwords. This
> It does not matter that I don't know the correct password, I have a password
> that collides into the correct hash. I can log into the system with my
> generated password.
Can't we just truncate the password to 8 characters like in the old days
before doing the MD5 hash? It will greatly reduce the chance of a collision.
In fact, I am not even sure my systems don't do this already.
Paul
