Author Topic: _  (Read 743 times)

IronFist

  • Autococker
  • Posts: 1304
_
« on: November 16, 2005, 02:07:19 PM »
Post removed
« Last Edit: July 25, 2010, 11:03:21 PM by IronFist »

jitspoe

  • Administrator
  • Autococker
  • Posts: 18802
Re: MD5 = dead
« Reply #1 on: November 16, 2005, 03:02:11 PM »
I'm not quite sure I follow.  This only applies to password storage, correct?  I've never thought using a popular, standard algorithm for password storage was very secure, but I suppose it doesn't really matter.  As long as the algorithm is known, anybody can brute force it.

In any case, if you build a database from a dictionary and resulting hashes, it doesn't matter WHAT algorithm is used.  If your password is in that dictionary, it can be looked up.  For example, say your password is "test".  In MD5, it would be stored as: 098f6bcd4621d373cade4e832627b4f6.  With this site, all you have to do is look up "098f6bcd4621d373cade4e832627b4f6" in a database and it tells you it's "test".

If you created a new algorithm that, say, stored "test" as "XYZABCDEFG" and somebody put together another database like this, all you'd have to do, again, is look up "XYZABCDEFG" in the database to get "test".  The same would be the case for SHA256 or whatever you wanted to use.  As long as the word is in the dictionary/database, it's trivial to look it up.  That's why it's important to use passwords that are unlikely to be in any dictionary.