What about a birthday attack? a birthday attack seems to work against MD5
Nikhil
Random strings are harder to get, but still possible with a brute force approach (a cracker that tries every combination of n letters, digits and special characters that exist). This however takes very long and is not feasible for most.
"not feasible for most" is a gross understatement.
The MD5 hash is 128 bits long. This means that there are 340,282,366,920,938,463,463,374,607,431,768,211,456 values. This means that even if you could try a TRILLION combinations a second it would take you 10,790,283,070,806,014,188 years to break!
A brute force attack against MD5 won't work.
However a dictionary attack is much more likely to work againstthis algorithm. That is not due to any weakness of the algo but due to human tendency of picking works like "god" , "password" etc as passwords. -- vinayak hegde
_________________________________________________________________ MSN Photos is the easiest way to share and print your photos: http://photos.msn.com/support/worldwide.aspx
On Wed, 3 Apr 2002, Nikhil D. Kikkeri wrote:
What about a birthday attack? a birthday attack seems to work against
anything that can correctly guess a password will work against any encryption. The task is to use an unguessable password so that brute force will be the only method that works. Then, pick an encryption scheme that makes even brute force impossible.
You still cannot protect against stupid users. People who write down their passwords on pieces of paper and stick these on the monitor, or worse, on the company bulletin board.
then, there's also social engineering.
-
Nikhil D. Kikkeri -
Philip S Tellis