[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Repository Passwords are in clear text?

From: Phil Endecott <spam_from_subversion_users_at_chezphil.org>
Date: 2005-11-16 23:30:06 CET

Leon Zandman wrote:
>>No, MD5 is not brute forceable, easy or not so easy. If you
>>read the website you pointed to, you'll see it says no such
>>thing. Which is good because it would be fiction otherwise.
>
>
>>From a Slashdot story that ran yesterday:
>
> "Patrick Stach has announced the availability of his source code for
> finding MD5 collisions and MD4 collisions. MD4 collisions can be found
> in a few seconds (but nobody uses that any more), while MD5 collisions
> (still being used!) take 45 minutes on a 1.6 GHz P4."
> http://it.slashdot.org/article.pl?sid=05/11/15/2037232&tid=172&tid=93&ti
> d=228
>
> http://www.stachliu.com.nyud.net:8090/collisions.html
>
> 45 minutes... So, I guess MD5 isn't as safe as you think.

Don't believe everything that you read on Slashdot.
In fact, don't believe ANYTHING that you read on Slashdot.

"Finding a collision" is a lot different from "finding THE collision"
that you need to crack my MD5-encoded password. Example: after 45
minutes, your computer tells you that "Foo" and "Bah" have the same MD5
digest "XYZ". How does this help you find out my password given its MD5
digest "ABC"? It doesn't.

--Phil.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Nov 16 23:33:31 2005

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.