[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Repository Passwords are in clear text?

From: Joachim Durchholz <jo_at_durchholz.org>
Date: 2005-11-16 23:25:44 CET

Leon Zandman schrieb:
>>From a Slashdot story that ran yesterday:
> "Patrick Stach has announced the availability of his source code for
> finding MD5 collisions and MD4 collisions. MD4 collisions can be found
> in a few seconds (but nobody uses that any more), while MD5 collisions
> (still being used!) take 45 minutes on a 1.6 GHz P4."
> http://it.slashdot.org/article.pl?sid=05/11/15/2037232&tid=172&tid=93&ti
> d=228
> http://www.stachliu.com.nyud.net:8090/collisions.html
> 45 minutes... So, I guess MD5 isn't as safe as you think.

It's not as bad as you might think. It's like a dam - it has cracks, and
we can see it will break sooner or later, but it's not broken yet.

In the case of MD4, they can create two pieces of data that have the
same MD5 hash. That's noteworthy, and a very useful starting point for
further research in that area, but it's still not possible to create a
file that hashes to a given value. It's even less possible to create a
file that is just a simple variation of a given one (say, with a rootkit
added) and still gives the same hash value.
Not at this time, at any rate :-)


To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Nov 16 23:31:04 2005

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.