Hello Bastian, Tuesday, July 9, 2002, 3:50:07 PM, you wrote: BS> Hi! BS> --On Dienstag, 9. Juli 2002 15:14 +0200 Christian Röpke BS> <christian.roepke@directbox.com> wrote:
[...] p.s. : it exits a attack against md5, but i can't describe details at the moment, i ask my prof. __________________________________________________
BS> In 1996 a german researcher found a way to produce "collisions" in the BS> compression function of MD5 (in about 10 hours on a 100 MHz Pentium I), but BS> IIRC could not extend this attack to the full algorithm. Details are here: BS> <http://www.rsasecurity.com/rsalabs/faq/3-6-6.html> BS> <ftp://ftp.rsasecurity.com/pub/cryptobytes/crypto2n2.pdf> BS> <http://www.informatik.uni-mannheim.de/informatik/pi4/projects/Crypto/rgp/m d5/dobbertin.ps>> BS> This is a serious academic weakness of the algorithm, but surely nothing to BS> worry about in practical applications. Attackers who have the required BS> resources for this kind of attack will certainly be able to find completely BS> different ways to compromise the security of your linux box. ok, here is the answer for you peer BS> By the way: The same goes for DES. There has been no practical attack BS> against the structure of the cipher. It is simply outdated, because BS> a) it is very slow in software and BS> b) it´s keysize is far too small to protect against brute force attacks BS> with today´s computing power (I guess, that´s what you meant with "attack") BS> Still, you need a considerable amount of computation to break DES and BS> attackers might just as well find different ways to break into your system. ok, but if we knows, that there is a way to crack the shadow file, why don't we use a secure algorithm ? (triple DES or AES) Are there no implementation for this algorithms ? (a DES cracker-maschine costs about 100.000 $) BS> Hope this helps. BS> Greetings, BS> Bastian. christian __________________________________________________ Gestalte Dein eigenes Handy-Logo unter http://www.yesms.de Ihre eMails auf dem Handy lesen - ohne Zeitverlust - 24h/Tag eMail, FAX, SMS, VoiceMail mit http://www.directbox.com