Security Basics mailing list archives
Re: Can anyone break MD5 scheme?
From: flur <flur () flurnet org>
Date: Sat, 30 Nov 2002 19:13:30 -0500
Perhaps a less controversial solution to get your linux box online would be to designate an older machine running MS Windows as a router... There is lots of software that will do this for you (ie Sygate, WinRoute, etc). With few access list rules you can make the router quite transparent, and it can serve as your first line of defense.
As for MD5, to the best of my knowledge, brute force is the only way to 'crack' it... however I have heard rumors that some implementations are weaker then others.
At 06:03 AM 11/28/2002 +0800, you wrote:
I paid a high monthly fee for my PPPOE connection. The damned ISP offered only the client for M$ Windows. According to the packet dump, they use CHAP for authorization and the CHAP challenge said it used MD5. But when rp-pppoe MD5s the string of Identifier+Secret+Challenge Value, the concentrator said the response is wrong.Apparently the ISP-offered client is not going with the RFC 1994 standard for CHAP and obviously I cannot get their source code by social engineering./Is there a way to break the MD5? Or anyway around ? /I need to know my ISP's digest scheme to get my Linux box online. I lived in a higly-sensored country and who knows what the offered client will do behind my back? Thanks in advance for my safety (not privay).__________________________________________________ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com
____________________ __ _ ~FluRDoInG flur () flurnet org http://www.flurnet.org KEY ID 0x8C2C37C4 (pgp.mit.edu) RSA-CAST 2048/2048 1876 B762 F909 91EB 0C02 C06B 83FF E6C5 8C2C 37C4
Current thread:
- Re: Can anyone break MD5 scheme? flur (Dec 02)
- RE: Can anyone break MD5 scheme? JM (Dec 03)
- Re: Can anyone break MD5 scheme? John Daniele (Dec 03)
- <Possible follow-ups>
- Re: Can anyone break MD5 scheme? flur (Dec 03)