
Wrong. Collisions can be found in MD5 in 2^21 time due to an attack by Xie and Feng. 2^64 is a very respectable number and is not practical for people to do on their home machines. 2^21 is.


You are right, of course. I wrote that as 'ideal digest' instead of MD5 then rewrote it. Specific digests always lose a few bits in real life, or in MD5's case, most of the bits...


Plus you only need a collision to break into a system that uses hashed passwords, not a preimage.


Clarify? Collision attacks by definition do not feature an existing digest as input so they are not useful for breaking into a system secured with a digest.


Ah, I misunderstood. By "collision attack" you meant "find two plaintexts that hash to the same digest", I interpreted it as "find one plaintext that hashes to a specific digest", and "preimage attack" as "find the plaintext that was hashed to this digest".

Please disregard my comment above.


I guess he could mean that you could find a plaintext that had the same hash value through use of a collision ... but that's just finding a preimage.
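
Added example, not part of the thread: a toy comparison of the two attacks the comments above distinguish, using SHA-256 truncated to 16 bits as an assumed stand-in for an ideal digest (it does not model MD5's specific weaknesses). The function names and the "stored" digests are constructed for illustration.

```python
import hashlib
from itertools import count

BITS = 16  # toy digest width (assumption); an ideal 128-bit digest scales the same way

def toy_digest(msg: bytes, bits: int = BITS) -> int:
    """Top `bits` bits of SHA-256, used as a small stand-in digest."""
    full = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return full >> (256 - bits)

def find_collision(bits: int = BITS):
    """Birthday search: the searcher picks BOTH messages; no digest is given as input."""
    seen = {}
    for tries in count(1):
        msg = b"collision-%d" % tries
        d = toy_digest(msg, bits)
        if d in seen:
            return seen[d], msg, tries
        seen[d] = msg

def find_preimage(target: int, bits: int = BITS):
    """Search for any message matching a digest fixed in advance (e.g. a stored hash)."""
    for tries in count(1):
        msg = b"guess-%d" % tries
        if toy_digest(msg, bits) == target:
            return msg, tries

def compare(bits: int = BITS, samples: int = 8):
    """Return (collision tries, mean preimage tries over constructed stored digests)."""
    _, _, c_tries = find_collision(bits)
    total = 0
    for i in range(samples):
        stored = toy_digest(b"constructed-password-%d" % i, bits)
        total += find_preimage(stored, bits)[1]
    return c_tries, total / samples

if __name__ == "__main__":
    c, p = compare()
    print(f"collision: {c} hashes (~2^{BITS // 2}); preimage: {p:.0f} hashes (~2^{BITS})")
```

The collision search costs on the order of 2^(n/2) hashes and the preimage search on the order of 2^n, which is the same gap as 2^64 versus 2^128 for an ideal 128-bit digest.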



