in reply to Re: Reverse MD5
in thread Reverse MD5

Blowfish is an encryption algorithm, not a hashing algorithm. It's not an alternative to MD5.

From here on, take what I say with a grain of salt. I'm not sure of everything.

SHA-1 is stronger than MD5, and SHA-256/512 strong still, but all are known or suspected to be broken for the same class of attacks. None are completely broken mind you. They are broken in the cryptographic sense, which means something like "being weaker than they were originally". However, attacks only get better with time.

Furthermore, the only property that is broken is the ability to produce two texts that hash to the same value, not the ability to produce a text that hashes to a given value. That property is important for document signing, but not for password protection.

Update: Re-organised to clarify uncertainty.

Replies are listed 'Best First'.
Re^3: Reverse MD5
by zentara (Cardinal) on Dec 02, 2008 at 14:31 UTC
    See Blowfish and check out the section "Blowfish in Practice". I know SuSE linux uses this Blowfish hash for it's passwords, and many distros have advanced options when you install, to select the hashing algorithm to be used. Blowfish is commonly listed. Also google for "blowfish hash".
    I'm not really a human, but I play one on earth Remember How Lucky You Are
[reply]

      According to your own reference material, it's apparently a bit of a misnomer. Emphasis mine:

      the password-hashing method used in OpenBSD uses an algorithm derived from Blowfish

      It's unfortunate if they called this hashing algorithm Blowfish as well.

[reply]
[reply]
[reply]

In Section Seekers of Perl Wisdom