Register Log In

Forums Feature Suggestions $md6 implementation

Print Thread

Re: $md6 implementation starbucks_mafia #216448 15/11/09 07:27 AM
Joined: Jul 2008 Posts: 236 Hell, Australia S s00p Fjord artisan
s00p Fjord artisan S Joined: Jul 2008 Posts: 236 Hell, Australia	I agree with starbucks_mafia. I've studied MD5 and other message digest algorithms extensively, and the main problems they all face are: 1. by nature, collisions. These can only be solved by prefixing known collisions as they are found, and that's a damned good solution. 2. by nature, distribution. These can't be solved, even if you introduce a salt string. The more machines you have working on a hash, the faster it can be cracked. The more hashes you have of a single password (with salt strings), the faster it can be cracked. There is no perfect message digest algorithm, they're all flawed in the same ways. The difference is the amount of time it takes to generate a hash may be larger for one algorithm than another. In general, when you're talking about an exhaustive bruteforce against a digest that uses a particular algorithm, if you have a large distribution then it won't take long to find a collision even if the plaintext is above 64 bytes in length. Your most secure option is to use a salt string that is >= 64 bytes. If that's not secure enough, use another salt string that is >= 64 bytes and MD5 it twice. If your algorithm relies on MD6, use some MD6 source code to compile your own DLL and paste the source here, Khaled might be more than happy to implement $md6 if he has something easy to go on.

Entire Thread
Subject	Posted By	Posted
$md6 implementation	tontito	15/11/09 12:16 AM
Re: $md6 implementation	starbucks_mafia	15/11/09 01:38 AM
Re: $md6 implementation	s00p	15/11/09 07:27 AM

Link Copied to Clipboard