Re: md5 encryption

From: Otto Allmendinger <usenet.10.zyq@xxxxxxxx>
Date: Sun, 29 May 2005 13:20:13 +0200

simon wrote:

> He was asking about passwords. Almost every site that is md5() only
> compare the hash as they cannot compare the string.
> So, technically, given a hash key you can get a string. In turn that
> string would match the hash and give you access.

I don't quite agree. If the hash isn't generated by the string itsself, but
by a slightly alternated version of it, like md5(string.'extra'), the
attacker would find a string y with md5(y)==hash, but not one with
md5(y.'extra')==hash.
I think this is a very simple way to make a authentication routine more
secure.
.

Follow-Ups:
- Re: md5 encryption
  - From: simon

References:
- md5 encryption
  - From: roger
- Re: md5 encryption
  - From: Simon
- Re: md5 encryption
  - From: Michael Trausch
- Re: md5 encryption
  - From: simon
- Re: md5 encryption
  - From: Andy Hassall
- Re: md5 encryption
  - From: simon
- Re: md5 encryption
  - From: Oli Filth
- Re: md5 encryption
  - From: simon
- Re: md5 encryption
  - From: Oli Filth
- Re: md5 encryption
  - From: simon

Prev by Date: Re: register_long_arrays still show off ?
Next by Date: Re: md5 encryption
Previous by thread: Re: md5 encryption
Next by thread: Re: md5 encryption
Index(es):
- Date
- Thread

Relevant Pages

Re: long index strings
... I'm sure breaking a long string into 20 byte segments would work, ... What I was hoping for was a way to compute a mathematical hash such ... as MD5 in Filemaker. ... What are the requirements for writing a plug-in of your own? ...
(comp.databases.filemaker)
Re: "Collision for Hash Functions MD4, MD5, HAVAL-128 and RIPEMD"
... this was the Year of Doom for cryptographic hash functions. ... These go into great detail on the SHA-0 and MD5 collisions ... Difficulty in the former is called "collision resistance", ... you probably meant to say was "I can find a *different* string whose ...
(comp.os.linux.security)
Repairing damaged MD5 values
... The result is that whenever the MD5 hashed bytes contained a byte ... it was stored as one hex digit instead of two. ... So instead of uniform string lengths of 32, ... in a 26 digit hash than in a 32 digit. ...
(microsoft.public.sqlserver.programming)
Re: How to write a diff in VB6 for comparing two xml files?
... No, the best you could do is to read both into string and use StrCompbut it's inefficient and, but using the hash ... Private Declare Function CryptAcquireContext Lib "AdvAPI32.dll" Alias _ ... Dim HashAAs Byte, HashLenA As Long ...
(microsoft.public.vb.general.discussion)
Re: How do I can check a password Hash in WSE 2.0
... The SHA-1 hash of the password is sent in the SOAP message. ... WSE calls the AuthenticateToken method of the class deriving ... > private string HashPassword (string nnonce, DateTime nfecha, string ... and then compare your computed hash against the supplied one. ...
(microsoft.public.dotnet.framework.aspnet.security)