Author Topic: MD5 Cracked! Dangerous for PlaneShift!  (Read 3207 times)

Ramsey

  • Traveller
  • *
  • Posts: 22
MD5 Cracked! Dangerous for PlaneShift!
« on: August 27, 2004, 05:25:39 am »
MD5 has been cracked. Although this required 80 000 CPU hours on an Intel Itanium 2, in about a year or so this could lead to major cheating on PlaneShift. I suggest the AutoUpdater should have its secure hashing methods switched to a safer system in the upcoming CB release.

Just ta let you all know

Source: http://www.linuxinsider.com/story/35926.html
Find more info about this by searching on Google for "MD5 Cracked".
« Last Edit: August 27, 2004, 05:27:15 am by Ramsey »

Taldor

  • Hydlaa Citizen
  • *
  • Posts: 255
  • Tinker (traveling merchant)
(No subject)
« Reply #1 on: August 27, 2004, 09:09:55 am »
I don't think Planeshift uses MD5 for security reasons, but to make sure that the file isn't corrupted by downloading.

icebr4kr

  • Hydlaa Resident
  • *
  • Posts: 128
(No subject)
« Reply #2 on: August 27, 2004, 09:40:36 am »
Actually, Crystal Blue will use MD5 for sending passwords, but it is not that simple, mind you. The randomly assigned client number is appended to the password before being hashed (like this: "password:clientnum") and sent across the wire. The server checks this against the hash of the password in the database and the client number. You'll have to wait for a more official answer from a dev, but I doubt this has any serious implications.
« Last Edit: August 27, 2004, 09:45:38 am by icebr4kr »
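The scheme described above, as an added example that is not part of the original post or of PlaneShift's code: the server keeps only md5(password) and a per-login client number, the client proves knowledge of the password by sending md5("stored-hash:clientnum"), and a captured proof cannot be replayed because the client number is consumed. The account names, the nonce format and the "stored hash, not password" interpretation are assumptions.

```python
import hashlib
import hmac
import secrets

def md5_hex(data: str) -> str:
    return hashlib.md5(data.encode()).hexdigest()

class Server:
    """Holds md5(password) per account (the post's scheme, unsalted) plus the
    client number issued for the current login attempt."""
    def __init__(self, accounts):
        self.pw_hashes = {user: md5_hex(pw) for user, pw in accounts.items()}
        self.pending = {}  # user -> client number handed out for this attempt

    def issue_client_number(self, user: str) -> str:
        nonce = secrets.token_hex(8)  # random, never reused
        self.pending[user] = nonce
        return nonce

    def check_login(self, user: str, proof: str) -> bool:
        nonce = self.pending.pop(user, None)  # consumed whether or not it verifies
        if nonce is None or user not in self.pw_hashes:
            return False
        expected = md5_hex(self.pw_hashes[user] + ":" + nonce)
        return hmac.compare_digest(expected, proof)  # constant-time compare

def client_proof(password: str, nonce: str) -> str:
    # What goes on the wire: md5 of "stored-hash:clientnum", never the password.
    return md5_hex(md5_hex(password) + ":" + nonce)

def demo():
    srv = Server({"ramsey": "correct horse"})  # constructed account
    n = srv.issue_client_number("ramsey")
    proof = client_proof("correct horse", n)
    ok = srv.check_login("ramsey", proof)
    # Replaying the captured proof fails: the client number was consumed.
    replay = srv.check_login("ramsey", proof)
    # A wrong password fails even with a fresh client number.
    n2 = srv.issue_client_number("ramsey")
    bad = srv.check_login("ramsey", client_proof("wrong", n2))
    return ok, replay, bad

if __name__ == "__main__":
    print(demo())  # (True, False, False)
```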

Xordan

  • Crystal Space Developer
  • Forum Addict
  • *
  • Posts: 3845
  • For God and the Empire
(No subject)
« Reply #3 on: August 27, 2004, 11:59:52 am »
Yeah, heard about it a while ago. Shouldn't be a serious problem. It'll take far too long to crack one to be worth the effort, unless you've got a quad opteron... then it'll take about a month... which is still not worth it, even if you do somehow manage to get hold of the hash, which is the hardest thing to do. atm, I can bruteforce an 8 digit/lowercase alpha hash in 5 min using tables, so this really makes no difference as most people have 8 or less chars in their password. So as long as CB has a secure method of sending the info, there shouldn't be a problem.

MrKaKe

  • Traveller
  • *
  • Posts: 17
(No subject)
« Reply #4 on: August 27, 2004, 04:36:03 pm »
I believe the term "cracked" doesn't really apply to this; from what I've read, it was MD5 collisions that were disturbing. Anyway, it's practically impossible to crack a good password hashed by MD5 (well, it is impossible to decrypt it :) ), and as long as people keep proper password routines (change it once a month, choose something using both letters and numbers and, for God's sake, keep away from the three letter words) this shouldn't be something to worry about.

Xordan

  • Crystal Space Developer
  • Forum Addict
  • *
  • Posts: 3845
  • For God and the Empire
(No subject)
« Reply #5 on: August 28, 2004, 01:46:37 am »
No. The point here is that some maths guys found a way to decrypt it. So no, it's not impossible to decrypt, and the term 'cracked' does apply to this. ;) So it is something to worry about if someone can get hold of your hashes.

orogor

  • Hydlaa Resident
  • *
  • Posts: 99
(No subject)
« Reply #6 on: August 28, 2004, 01:54:54 pm »
bah, at worst, there are even stronger algos than md5, which require more cpu, but if it really becomes a problem one day, i think peeps will make the switch
I did finally find work :))

MrKaKe

  • Traveller
  • *
  • Posts: 17
(No subject)
« Reply #7 on: August 28, 2004, 02:10:29 pm »
One thing to remember is that this is hashing, and not encryption. If it was possible to gain the original data out of an MD5 hash without resorting to brute-forcing, and rather just decrypting it, we would be sitting on the most ingenious compression algorithm of all time (just think about it, as an example, the MD5 hash of Slackware 10.0 CD1 ISO is <1 KB, while the actual image is ~700MB...). In other words, since it is a hashing algorithm, which means that data is lost in the process of generating the hash, there is NO WAY beyond brute-forcing to get hold of the original data. The problem is that someone has found a way to increase the speed of brute forcing the hashing. However, it would still take some time (more than is useful) on an average joe's machine to "crack" it.

Besides, if someone were to get hold of your Planeshift password hashes, I would be considerably more concerned with exactly how he got hold of it, rather than worrying that someone might kill off my character in game.

MrKaKe

  • Traveller
  • *
  • Posts: 17
(No subject)
« Reply #8 on: August 28, 2004, 02:12:58 pm »
Quote
Originally posted by orogor
bah, at worst, there are even stronger algos than md5, which require more cpu, but if it really becomes a problem one day, i think peeps will make the switch


Well, it's all about pattern recognition, and I don't think it would have been wise to consider MD5 as perfectly secure and the cure for all your worries when it first got out either. If someone is smart enough to make it, someone is smart enough to break it.

CadRipper

  • Hydlaa Citizen
  • *
  • Posts: 487
  • merry troublemaker
(No subject)
« Reply #9 on: August 28, 2004, 04:03:24 pm »
I couldn't get a copy of Antoine Joux's paper yet, but from a similar result published at the same conference and from what I've heard, you shouldn't worry too much as long as MD5 is used for password or message authentication.

I think what has been proven is that MD5 (among others) is not collision resistant, which means you can find a couple of messages X, Y such that there is a collision h(X) = h(Y). That in a few hours on a standard system.

It doesn't mean that, for any given hash h and without knowing the input, you can find another message Y such that f(Y) = h. And it doesn't mean either that you can find, for one given message X, another one Y such that h(X) = h(Y).

In other terms, it's still preimage and 2nd preimage resistant in the public knowledge.

This could potentially be used in an attack with digital signatures, though. If you forge two messages X and Y such that h(X) = h(Y), and send X to someone else who signs the hash, you could later claim they signed the message Y. In plain English, you could make two messages with a totally different meaning, and pad them with some unnoticeable garbage in order to have a match of their hash code. If someone signs the first message digitally, the signature would be the same for the other message: it's as if this someone had signed the other message.
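The distinction the post draws, as an added example that is not part of the original post: with a hash-then-sign construction, a signature over h(X) verifies for any Y with h(X) = h(Y), and a collision (choose both messages) is far cheaper than a preimage (hit a fixed digest). To make a collision findable offline in milliseconds, the hash is MD5 truncated to 16 bits and HMAC over the digest stands in for a public-key signature; the message texts and the "#n" padding are constructed.

```python
import hashlib
import hmac
import itertools

def h(msg: bytes) -> bytes:
    # Stand-in for a broken hash: MD5 truncated to 16 bits, so collisions are cheap.
    return hashlib.md5(msg).digest()[:2]

def sign(key: bytes, msg: bytes) -> bytes:
    # Hash-then-sign: the signature covers h(msg), not msg itself.
    return hmac.new(key, h(msg), "sha256").digest()

def verify(key: bytes, msg: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(key, msg), sig)

def find_collision(base_x: bytes, base_y: bytes):
    """Birthday search: append 'unnoticeable garbage' (#n) to each message until
    some X variant and some Y variant share a digest. Returns (X, Y, tries)."""
    seen = {}  # digest -> X variant
    for i in itertools.count():
        x = base_x + b" #" + str(i).encode()
        seen[h(x)] = x
        y = base_y + b" #" + str(i).encode()
        if h(y) in seen:
            return seen[h(y)], y, i + 1

def preimage_tries(target: bytes) -> int:
    """Hit one *fixed* digest: expected ~2**16 tries for a 16-bit hash,
    versus ~2**8 for the collision search above."""
    for i in itertools.count():
        if h(b"Pay Taldor 10 tria #" + str(i).encode()) == target:
            return i + 1

def demo():
    key = b"signer-secret"  # constructed key
    x, y, tries = find_collision(b"Pay Taldor 10 tria", b"Pay Taldor 1000 tria")
    sig = sign(key, x)  # the signer only ever saw X
    return {
        "collision": h(x) == h(y) and x != y,
        "sig_also_verifies_for_y": verify(key, y, sig),
        "collision_tries": tries,
        "preimage_tries": preimage_tries(h(b"Pay Taldor 5 tria")),
    }

if __name__ == "__main__":
    print(demo())
```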

Xordan

  • Crystal Space Developer
  • Forum Addict
  • *
  • Posts: 3845
  • For God and the Empire
(No subject)
« Reply #10 on: August 28, 2004, 05:18:18 pm »
Quote
Originally posted by MrKaKe
In other words, since it is a hashing algorithm, which means that data is lost in the process of generating the hash, there is NO WAY beyond brute-forcing to get hold of the original data.


The whole point is that you CAN reverse the encryption, so there IS a way beyond bruteforcing. Being able to speed up the process is like last year... If you use pre-made hash tables, then you can bruteforce a 16 char hash in under 6 min. This is why everybody is crapping themselves, because you can decrypt without having to spend the years making the hash tables... If it was just a faster way of bruteforcing then nobody would really care.

MrKaKe

  • Traveller
  • *
  • Posts: 17
(No subject)
« Reply #11 on: August 28, 2004, 06:35:28 pm »
Quote
Originally posted by Xordan
Quote
Originally posted by MrKaKe
In other words, since it is a hashing algorithm, which means that data is lost in the process of generating the hash, there is NO WAY beyond brute-forcing to get hold of the original data.


The whole point is that you CAN reverse the encryption, so there IS a way beyond bruteforcing. Being able to speed up the process is like last year... If you use pre-made hash tables, then you can bruteforce a 16 char hash in under 6 min. This is why everybody is crapping themselves, because you can decrypt without having to spend the years making the hash tables... If it was just a faster way of bruteforcing then nobody would really care.


\"The whole point is that you CAN reverse the encyption, so there IS a way beyond bruteforcing.\"

\"If you use pre-made hash tables, then you can bruteforce a 16 char hash in under 6 min.\"

You make me confused. It\'s still bruteforcing.

steuben

  • Veteran
  • *
  • Posts: 1834
(No subject)
« Reply #12 on: August 28, 2004, 09:06:44 pm »
first law of cryptography:
if you can get at encrypted data, so can anybody else.

first corollary:
having the decryption key just makes it easier.
may laanx frighten the shadow from my path.
hardly because the shadow built the lexx.
the shadow will frighten laanx from my path.

Xordan

  • Crystal Space Developer
  • Forum Addict
  • *
  • Posts: 3845
  • For God and the Empire
(No subject)
« Reply #13 on: August 29, 2004, 02:22:58 am »
Quote
Originally posted by MrKaKe
\"The whole point is that you CAN reverse the encyption, so there IS a way beyond bruteforcing.\"

\"If you use pre-made hash tables, then you can bruteforce a 16 char hash in under 6 min.\"

You make me confused. It\'s still bruteforcing.


nono, :P This new thing is the reversing. I was pointing out with the hash tables that we already have a super fast way to bruteforce, so if it was just a faster bruteforcer, nobody would care. People care because you can now decrypt without having to bruteforce.

SaintNuclear

  • Hydlaa Citizen
  • *
  • Posts: 499
(No subject)
« Reply #14 on: August 29, 2004, 03:07:50 am »
There shouldn't be much of a panic about it. If it takes that much, only very few will be able to do it in the very near future, and I doubt any of them are interested in getting passwords of PS players.

And by the time it'll be more common for people to have the ability to do it, there will already be a far better algorithm. I bet it'll be called MDX, or MDIII, because some idiot decided that roman numerals are I III III VII.

The encryption / decryption battle is probably as old as languages, each side always trying to catch up on the other. As MrKaKe said, it was wrong to overestimate MD5.
No matter how good an encryption will be, it'll be decryptable. Maybe not today, maybe not tomorrow, but it will be. And when it will, people will panic, and a better encryption method will be introduced.

Actually, it shouldn't be that hard to find ways to decrypt stuff. If you know the encryption method, all you need is some CPU cycles. Of course the better the encryption, the longer it will take, but that's all you need, and that's something many people in the western world have.

Actually, I'm kinda surprised it took that long to crack it, I mean, how old is it, 13? Seems like the decrypting forces are slacking. Can't blame them though, considering that by the time they'll be able to use it there will be a new set of defences.


Edit: Oh, and btw, you know all those annoying things in registrations that require you to enter a series of numbers and letters that are shown in a pic that is hardly understandable? You know how they claim to be "Understandable by humans, but not by machines". BS. Just get a better CPU. For these things you might also want to code a program that can take the image and alter it back to plain text, because they usually use filters and stuff. But it's really possible.
Some of them are actually really hard for humans, but can be possible for a computer with enough CPU and a nice program to decipher them.
« Last Edit: August 29, 2004, 03:22:20 am by SaintNuclear »
September 23rd, 2004 19:52:38 UTC
<+Grakrim> I have a legal copy of Windows XP Pro.

October 19th, 2004 24:43:02 UTC
I have copies of [Windows] 3.1, 3.11, 95, and 98, too. Not to mention various versions of MS-DOS