Date: Fri, 14 Feb 1997 18:05:28 -0600 (CST) From: Aleph One <aleph1@dfw.net> To: Mats Lofkvist <mal@bengt.algonet.se> Cc: freebsd-security@freebsd.org Subject: Re: blowfish passwords in FreeBSD Message-ID: <Pine.SUN.3.94.970214180127.22842A-100000@dfw.dfw.net> In-Reply-To: <199702142048.VAA08594@bengt>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 14 Feb 1997, Mats Lofkvist wrote: > Why did they feel the need for something better than md5? > Is there any known weaknesses in md5? 128 bits is enough to make md5 > extremely secure until someone finds a serious flaw in the algorithm, > brute force attacks will probably never be a problem. Well pseudo-collision have been found in MD5. It has also been estimated that for 10 million 1994 dollars you could build a collision search machine that could find a collision in 24 days on average. Of curse this doesnt mean much to anyone using MD5 for their passwords. For 10 million the'll just brake into you place and take the machine. People are starting to belive MD5 is not as secure anymore, and looking at other alternatives. Even Rivest has said so. > Mats Lofkvist > mal@algonet.se > > Aleph One / aleph1@dfw.net http://underground.org/ KeyID 1024/948FD6B5 Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.SUN.3.94.970214180127.22842A-100000>