Author Topic: MD5 Cracked! Dangerous for PlaneShift!  (Read 3189 times)

dfryer

  • Veteran
  • Posts: 1070
« Reply #15 on: August 29, 2004, 03:47:33 am »
As stated by CadRipper, MD5 is a *hashing* algorithm, not an encryption algorithm.  MD5 is *non-reversible*; what the weakness means is that it's easier to find some input data that generates a given md5 hash than was previously thought.

Where it might be a threat is if people are relying on MD5 to verify the integrity of files, and someone is able to change the file and yet maintain the MD5 hash, but I don't think it's a big worry.  If it turns out the md5 is too feeble (and it isn't, given most people's password choices) then we can switch to something more secure.
Quidquid latine dictum sit, altum sonatur.

MrKaKe

  • Traveller
  • Posts: 17
« Reply #16 on: August 29, 2004, 10:49:11 am »
Quote
Originally posted by Xordan
Quote
Originally posted by MrKaKe
"The whole point is that you CAN reverse the encryption, so there IS a way beyond bruteforcing."

"If you use pre-made hash tables, then you can bruteforce a 16 char hash in under 6 min."

You make me confused. It's still bruteforcing.


nono, :P This new thing is the reversing. I was pointing out with the hash tables that we already have a super fast way to bruteforce, so if it was just a faster bruteforcer, nobody would care. People care because you can now decrypt without having to bruteforce.


Very Well, nevermind ;)

CadRipper

  • Hydlaa Citizen
  • Posts: 487
  • merry troublemaker
« Reply #17 on: August 29, 2004, 06:13:18 pm »
Quote
Originally posted by dfryer
Where it might be a threat is if people are relying on MD5 to verify the integrity of files, and someone is able to change the file and yet maintain the MD5 hash, but I don't think it's a big worry.  If it turns out the md5 is too feeble (and it isn't, given most people's password choices) then we can switch to something more secure.

Until now, it's not possible. To take advantage of the newly discovered weakness, you have to modify both files to find a match; you can't modify one if the other (and its hash) is already in the open.

Hehe, what should you never wish to a cryptographer?
"Happy birthday"  ;)

Xordan - what would be the memory footprint?
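
The distinction drawn in the post above (finding any two inputs that match, versus matching a hash that is already published) and the "birthday" joke can be seen on MD5 truncated to 16 bits, where both searches finish quickly. This is an added example, not part of the original thread; the truncation width, the function names and the sample file contents are assumptions made for illustration.

```python
import hashlib
from itertools import count

BITS = 16  # assumption: truncate MD5 so both searches finish in seconds


def short_md5(data: bytes, bits: int = BITS) -> int:
    """Top `bits` bits of the MD5 digest, as an integer."""
    digest = int.from_bytes(hashlib.md5(data).digest(), "big")
    return digest >> (128 - bits)


def find_collision(bits: int = BITS):
    """Birthday search: the searcher is free to choose BOTH inputs.

    Expected work is about 2**(bits/2) hashes, at the cost of remembering
    every digest seen so far (the memory footprint of the search).
    """
    seen = {}
    for tries in count(1):
        msg = b"candidate-%d" % tries
        h = short_md5(msg, bits)
        if h in seen:
            return seen[h], msg, tries
        seen[h] = msg


def find_second_preimage(published: bytes, bits: int = BITS,
                         max_tries: int = 1 << 22):
    """Match the hash of a file that is already in the open.

    Only one input is free, so expected work is about 2**bits hashes.
    """
    target = short_md5(published, bits)
    for tries in range(1, max_tries + 1):
        msg = b"other-%d" % tries
        if msg != published and short_md5(msg, bits) == target:
            return msg, tries
    return None, max_tries


if __name__ == "__main__":
    a, b, n_col = find_collision()
    print(f"collision after {n_col} hashes: {a!r} / {b!r}")
    published = b"constructed sample file contents"  # constructed sample
    other, n_pre = find_second_preimage(published)
    print(f"second preimage after {n_pre} hashes: {other!r}")
```

At the full 128 bits the same gap is roughly 2**64 hashes for a generic collision against 2**128 for a second preimage, which is why a collision result does not by itself let anyone replace a file whose hash is already published.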