On Tue, Apr 21, 2015 at 9:02 PM, Paul Wouters <paul(_at_)nohats(_dot_)ca> wrote:
On Tue, 21 Apr 2015, l(_dot_)wood(_at_)surrey(_dot_)ac(_dot_)uk wrote:
Despite the existence of RFC6151...
http://www.loginwall.com/Solutions.php
6151 only talks about MD5 Message-Digest and the HMAC-MD5.
It does not include "MD5 encryption" :)
Paul
For this particular application, MD5 is not the weakest link in the
chain, nor are the weaknesses in MD5 actually relevant.
I would not use MD5 in any application simply because there are
alternatives that don't require detailed explanation of why they are
safe. But I am pretty sure that unless we are talking about machine
generated passwords, an attack on MD5 is going to have a much higher
workfactor than brute forcing the password space.