in reply to Re: Encryption 101
in thread Encryption 101

Why shouldn't MD5 be used for new things? I know there's the problem of possible collisions, but I was under the impression that the real-world chances of that happening were very small. If not MD5, then what hashing function would you recommend?

Re: Re: Re: Encryption 101
by hardburn (Abbot) on Aug 11, 2003 at 13:44 UTC

    Sorry it took so long to reply--I've been on vacation for a week.

    MD5 had its compression function broken. This doesn't hurt its security, but it does mean that one of MD5's design goals is destroyed. IIRC, this also stops MD5 from being used in one of those cute tricks where you use a cryptographic hash as a block cipher (which isn't common, but could be useful in countries where normal encryption is outlawed).

    I haven't read too deeply on the subject, but I know there are other problems with potential collisions that do affect security.

    MD5 isn't dead, but it is bleeding pretty badly. It is interesting to note that both MD5 and SHA1 are very similar to MD4, but SHA1 has subtle changes that make various attacks against MD4 and MD5 impossible.

    In short, use SHA1 if you can. It's not just that it has a larger hash value, but it's an all-round tougher algorithm.

    ----
    I wanted to explore how Perl's closures can be manipulated, and ended up creating an object system by accident.
    -- Schemer

    Note: All code is untested, unless otherwise stated

Re: Re: Re: Encryption 101
by Anonymous Monk on Aug 02, 2003 at 01:22 UTC
    I think he's overstating "a lot of people". Many seem to prefer SHA1 over MD5, but typically this is because of the key length (160-bit instead of 128-bit), not because of weaknesses in the algorithm itself. Most people wouldn't try to brute force either. The primary weakness in passwords is almost ALWAYS the fault of those who pick them. Take a look at how 'John the Ripper' works, and you see interesting trends in passwords.
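Both replies above turn on the same point: the 128-bit output of MD5 versus the 160-bit output of SHA1, and what that means for the chance of a collision. The following is an added illustration, not code from either poster or from PerlMonks. It measures the digest sizes from Python's `hashlib`, computes the birthday bound (the number of hashes after which a collision becomes likely, about the square root of the output space), and then makes the effect visible by truncating the digests to a small number of bits so that a generic collision search finishes in seconds. The truncation width and the `msg-N` inputs are constructed for the demonstration; the search says nothing about the structural weaknesses hardburn mentions, only about output size.

```python
import hashlib
import math
from itertools import count


def digest_bits(name: str) -> int:
    """Output size in bits of a hashlib digest, read from the library itself
    ('md5' -> 128, 'sha1' -> 160)."""
    return hashlib.new(name).digest_size * 8


def birthday_work(bits: int) -> float:
    """Approximate number of hashes needed for a 50% chance of at least one
    collision among them: the birthday bound, sqrt(pi/2 * 2**bits).
    Every extra 32 bits of output multiplies this by 2**16."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


def truncated_tag(name: str, msg: bytes, keep_bits: int) -> int:
    """Digest of msg under the named hash, truncated to its first keep_bits bits.
    Truncation stands in for 'a hash with a smaller output' (constructed for
    the demo); with the full 128/160-bit output a generic search is infeasible."""
    keep_bytes = (keep_bits + 7) // 8
    mask = (1 << keep_bits) - 1
    head = hashlib.new(name, msg).digest()[:keep_bytes]
    return int.from_bytes(head, "big") & mask


def find_collision(name: str, keep_bits: int, limit: int = 1_000_000):
    """Generic (birthday) collision search over constructed inputs 'msg-0',
    'msg-1', ... Returns (msg_a, msg_b, hashes_tried) or None if no two
    distinct inputs share a truncated tag within `limit` attempts."""
    seen = {}
    for i in count():
        if i >= limit:
            return None
        msg = f"msg-{i}".encode()
        tag = truncated_tag(name, msg, keep_bits)
        if tag in seen:
            return seen[tag], msg, i + 1
        seen[tag] = msg


def verify_collision(name: str, keep_bits: int) -> bool:
    """True if the search found two different inputs with equal truncated tags."""
    found = find_collision(name, keep_bits)
    if found is None:
        return False
    a, b, _ = found
    return a != b and truncated_tag(name, a, keep_bits) == truncated_tag(name, b, keep_bits)


if __name__ == "__main__":
    for name in ("md5", "sha1"):
        bits = digest_bits(name)
        print(f"{name}: {bits}-bit output, birthday bound ~ 2^{math.log2(birthday_work(bits)):.1f} hashes")
    # Truncated to 20 bits, a collision is expected after roughly 2^10 hashes.
    for name in ("md5", "sha1"):
        a, b, n = find_collision(name, 20)
        print(f"{name} truncated to 20 bits: {a!r} and {b!r} collide after {n} hashes")
```

The printed bounds show the whole size argument in one line each: moving from 128 to 160 bits raises the generic collision cost by a factor of 65536, which is the benefit the Anonymous Monk attributes to SHA1. The truncated search shows the same birthday behaviour for both functions because, at equal output width, a generic search cannot tell them apart; what separates them in practice is the analytic attacks on the compression function that hardburn refers to, which no output-size argument captures.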