Re: MD5 crypto!

On Tue, Apr 21, 2015 at 9:02 PM, Paul Wouters <paul(_at_)nohats(_dot_)ca> wrote:

On Tue, 21 Apr 2015, l(_dot_)wood(_at_)surrey(_dot_)ac(_dot_)uk wrote:

Despite the existence of RFC6151...

http://www.loginwall.com/Solutions.php



6151 only talks about MD5 Message-Digest and the HMAC-MD5.

It does not include "MD5 encryption" :)

Paul


For this particular application, MD5 is not the weakest link in the
chain, nor are the weaknesses in MD5 actually relevant.

I would not use MD5 in any application simply because there are
alternatives that don't require detailed explanation of why they are
safe. But I am pretty sure that unless we are talking about machine
generated passwords, an attack on MD5 is going to have a much higher
workfactor than brute forcing the password space.

<Prev in Thread]	Current Thread	[Next in Thread>
MD5 crypto!, l.wood Re: MD5 crypto!, Viktor Dukhovni Re: MD5 crypto!, Paul Wouters Re: MD5 crypto!, Phillip Hallam-Baker <= Re: MD5 crypto!, info(_at_)isoc(_dot_)org(_dot_)ec

Previous by Date:	Re: Gen-art LC review: draft-ietf-precis-saslprepbis-15, Peter Saint-Andre - &yet
Next by Date:	Re: Policy and tools regarding the filing of Internet Drafts, Behcet Sarikaya
Previous by Thread:	Re: MD5 crypto!, Paul Wouters
Next by Thread:	Re: MD5 crypto!, info(_at_)isoc(_dot_)org(_dot_)ec
Indexes:	[Date] [Thread] [Top] [All Lists]