* Reckhard, Tobias wrote on Thu, Jul 11, 2002 at 11:00 +0200:
Yes, this is called a collision. With the crypt algorithm, which produces 56 bit results, every 72,057,594,037,927,936th (==2^56) password gets the same hash value. With other words, if you
I think you're forgetting about the birthday paradox. See http://www.rsasecurity.com/rsalabs/faq/2-4-6.html for some information on attacks against hash functions.
No, I don't. you cannot apply the birthday fact (I don't think it's paradox) here, since the value you need to get in a collision is given (since this is the value stored in shadow). It doesn't help to get any collision, here you need the right one.
[salt]
typical MD5 "crypts" use much larger ranges). The value is taken by random. So every password has 4096 possible results. To be able to decrypt, the salt itself is stored in plain as the first two bytes of the password "hash". So for a million words you would need 4 billion precalculated hashes.
However, since the salt is stored in plaintext in the shadow file, if you get that, the advantage of salt disappears.
That is incorrect. Of course you cannot precalculate exactly the salts that you will find later (at least this is not possible if we assume time as going forward only :)). (I think this thread is getting boring.) oki, Steffen -- Dieses Schreiben wurde maschinell erstellt, es trägt daher weder Unterschrift noch Siegel.