This is Gergő Tisza's TypePad Profile.
Join TypePad and start following Gergő Tisza's activity
Already a member?
Update has been hidden from all public facing feeds in TypePad
If you could mimic another person's fingerprint or DNA at will, you could do some seriously evil stuff. MD5 is clearly compromised, and SHA-1 is not looking too great these days. Collision attacks against MD5/SHA1 are nothing like mimicking another person's DNA; they are like the ability to create twins who share the same DNA. As you can guess from the lack of frauds committed by evil twins, that ability is not very dangerous. The same is true in cryptography: collision attacks can be problematic in some cases (such as when a hash is used to digitally sign a message), but completely irrelevant to cracking passwords. As for figuring out the plaintext which hashes to a certain string, that is called a first preimage attack, and no such attack is known against either SHA1 or MD5 (or even MD4). So SHA1/MD5 is just as secure for password hashing as SHA-256 or any other fast cryptographic hash. (Which is to say, not very secure - as the article correctly explains.) Use bcrypt or PBKDF2 exclusively to hash anything you need to be secure. These new hashes were specifically designed to be difficult to implement on GPUs. I don't think PBKDF2 was specifically designed to be GPU-unfriendly - it was just designed to be slow.
Commented Apr 6, 2012 on
Hashes are a bit like fingerprints for data. A given hash uniquely represents a file, or any arbitrary collection of data. At least in theory. This is a 128-bit MD5 hash you're looking at above, so it can represent at most 2128 unique items, or 340 trillion trillion trillion. In reality the...
Gergő Tisza is now following
The Typepad Team
Apr 6, 2012
Subscribe to Gergő Tisza’s Recent Activity
View all »
Around The Web
All Rights Reserved.
Terms of Service