Date: Mon, 16 Nov 1998 22:19:09 +0100 From: Poul-Henning Kamp <phk@critter.freebsd.dk> To: Adam Shostack <adam@homeport.org> Cc: Robert Watson <robert+freebsd@cyrus.watson.org>, Thomas Valentino Crimi <tcrimi+@andrew.cmu.edu>, Terry Lambert <tlambert@primenet.com>, freebsd-security@FreeBSD.ORG Subject: Re: Would this make FreeBSD more secure? Message-ID: <24578.911251149@critter.freebsd.dk> In-Reply-To: Your message of "Mon, 16 Nov 1998 14:45:56 EST." <19981116144556.A11685@weathership.homeport.org>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <19981116144556.A11685@weathership.homeport.org>, Adam Shostack writ es: >My understanding of Dobbertin's attack is that he generates both >halves of a collision pair, not finds an arbitrary match to a >pre-existing value. If he has the latter, that may or may not >transform into an attack on the password system. You'll need to find >a printable (<9 character?) value that collides if you want to attack >the password system via this route. Last I heard about it, Dobbertin didn't attack MD5, but an MD5-like algorithm. Second, you'd need to find a thousand consecutive collisions to hack a password. Check the code. -- Poul-Henning Kamp FreeBSD coreteam member phk@FreeBSD.ORG "Real hackers run -current on their laptop." "ttyv0" -- What UNIX calls a $20K state-of-the-art, 3D, hi-res color terminal To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?24578.911251149>