[nycphp-talk] FW: SHA-0 Broken, MD5 Rumored Broken
Chris Shiflett
shiflett at php.net
Sun Aug 22 22:29:41 EDT 2004
--- Hans Zaunere <hans at nyphp.com> wrote:
> An interesting project would be to see if two UNIX timestamps exist that
> produce the same MD5.
Well, are you considering a UNIX timestamp to be any positive integer? :-)
If so, there are definitely collisions somewhere, because there are more
inputs than possible outputs.
I've always heard the top crypto guys saying that MD5 was weaker than
people thought; I guess they were right. Still, I wouldn't mind seeing one
of these experts comment on whether it is dangerous to be using MD5 for
passwords and such.
Chris
=====
Chris Shiflett - http://shiflett.org/
PHP Security - O'Reilly
Coming Fall 2004
HTTP Developer's Handbook - Sams
http://httphandbook.org/
PHP Community Site
http://phpcommunity.org/
More information about the talk
mailing list