Re: Insecure Hash Algorithms (MD5) and NTLMv2

From: Jack Lloyd (lloyd@randombit.net)
Date: Wed Nov 02 2005 - 12:10:00 EST


On Tue, Nov 01, 2005 at 09:57:35AM -0000, Miguel Dilaj wrote:
> Hi Daniel,
>
> I fully agree with you.
> The whole buzz about MD5 being "weak" has been grossly misunderstood and
> exaggerated by the media.
> Generating arbitrary malware that produces the same hash (MD5 or any
> other) is still very difficult, and has nothing to do with cracking
> password hashes. I know some byte chains for MD5 have already been
> produced, don't throw the links at me ;-)
>
> The time required either to generate a table or to parse it will be
> slightly longer if the hash has more bits, more space will be required
> for the tables, but that's pretty much it. We can't even start to
> compare that with the "real bruteforcing" time.
>
> Another interesting point is that the media has presented this as
> "MD5=bad, otherhash=good".
>
> In theory ALL hashing algorithms are clearly flawed by collisions. Every
> single one of them, and the reason is of mathematical nature.
[...]

Yes, obviously all hash functions which hash larger strings to smaller strings
are going to have collisions (this is due to an old mathematical result called
the pigeonhole principle). That is not a flaw, because it is intrinsic to the
fact that the input domain is larger than the output domain. The flaw here is
that MD5 collisions can be generated not only much faster than they should be
(2^64 tries, which is a significant amount of work), but fast enough to be
quite practical (a few hours on a big machine). SHA-1 has also been broken, but
the attack is estimated to take 2^69 effort (about 2000 times easier than
expected) which is not practically doable right now unless you are government
funded.

You say "it's still very difficult". Maybe so, today, but the attacks are good,
and they are going to get better - the MD4/MD5/SHA-1 breaks have stirred up a
lot of new interest in hash function analysis. Waiting until MD5 is so
thoroughly broken that you have no choice but to move away from it seems like
a poor plan, unless you enjoy running crash projects.

-Jack
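
Added example, not part of the original message: a generic birthday search on MD5 truncated to a few bits, showing the distinction drawn above between collisions that must exist (pigeonhole) and the roughly 2^(n/2) work an ideal n-bit hash should cost to collide. The function names and the constructed input strings are assumptions of this sketch; it does not implement the MD5 or SHA-1 attacks themselves.

```python
import hashlib
from itertools import count

def truncated_md5(data: bytes, bits: int) -> int:
    """Return the top `bits` bits of MD5(data) as an integer."""
    return int.from_bytes(hashlib.md5(data).digest(), "big") >> (128 - bits)

def birthday_collision(bits: int):
    """Generic (structure-blind) collision search on a `bits`-bit hash.

    Hashes distinct constructed inputs until two share an output. The
    pigeonhole principle caps the loop at 2**bits + 1 inputs; the birthday
    bound says it usually stops after roughly 2**(bits/2).
    Returns (msg_a, msg_b, tries).
    """
    seen = {}
    for i in count():
        msg = b"constructed-input-%d" % i  # constructed sample input
        h = truncated_md5(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg

def generic_collision_work(bits: int) -> int:
    """Hash evaluations a collision should cost for an ideal hash."""
    return 2 ** (bits // 2)

def speedup(bits: int, attack_log2: int) -> int:
    """How many times cheaper an attack costing 2**attack_log2 is."""
    return generic_collision_work(bits) // 2 ** attack_log2

if __name__ == "__main__":
    for bits in (16, 24, 32):
        a, b, tries = birthday_collision(bits)
        print(f"{bits}-bit: collision after {tries} tries "
              f"(birthday bound ~{generic_collision_work(bits)})")
    print("MD5 generic collision cost: 2^64 =", generic_collision_work(128))
    print("SHA-1, 2^69 attack vs 2^80 generic:", speedup(160, 69), "x")
```

Each 8 bits added to the truncation multiplies the generic search cost by about 16, which is why the full 128-bit and 160-bit outputs are only reachable through attacks that exploit the hash's internal structure.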




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:07 EDT