[JDEV] MSNP8 Security Enhancement
Andrew Sayers
andrew-list-jabber-jdev at ccl.bham.ac.uk
Fri Sep 12 09:32:42 CDT 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Thu, Sep 11, 2003 at 11:03:08 -0700, harmeet_im at kodemuse.com wrote:
> From: Andrew Sayers <andrew-list-jabber-jdev at ccl.bham.ac.uk>
>
> > True for both MD5 and SSL. However, sniffing an MD5 authentication is
> > trivial, and brute-forcing your password from that won't take long.
>
> A secure hash uniquely identifies a plain text(password) but has the
> property that it is computationally unfeasible to get the plaintext
> from hash. MD5 is not the best but the one-way property is pretty sound.
>
The idea of brute-forcing an MD5 password is that you repeatedly MD5-encode
strings until you find one that produces the target digest. This way,
you can get around the one-way property for short strings (like
passwords).
- Andrew
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: The following is method of proving my identity. For more information, see http://www.gnupg.org. E-mail {andrew-go-away at ccl.bham.ac.uk} if you don't want this.
iD8DBQE/YdkIUjUCivGf+MsRAifNAJ0fSxXNDM7/pUfVb13Lm5Way0LjoQCfRg8j
ZsmUJFV13JenLIemEw3PZk4=
=I8/c
-----END PGP SIGNATURE-----
More information about the JDev
mailing list