WebApp Sec mailing list archives

MD5 math question

From: "Jeff Robertson" <jeff.robertson () digitalinsight com>
Date: Tue, 3 Jan 2006 20:18:33 -0500

Assume that a password between 1 and 24 ASCII characters was stored as
an MD5 hash. No salt. What is the probability that someone cracking the
password will find not the password that the user originally chose, but
a different password that happens to collide with it? Intuitively it
seems so unlikely that you wouldn't ever expect to see it. But what is
the probability really?

-------------------------------------------------------------------------------
Watchfire's AppScan is the industry's first and leading web application
security testing suite, and the only solution to provide comprehensive
remediation tasks at every level of the application. See for yourself.
Download AppScan 6.0 today.

https://www.watchfire.com/securearea/appscansix.aspx?id=701300000003Ssh
-------------------------------------------------------------------------------

Current thread:

MD5 math question Jeff Robertson (Jan 03)
- Re: MD5 math question Chris Varenhorst (Jan 03)
- Re: MD5 math question Tim (Jan 03)
- RE: MD5 math question Vipul Kumra (Jan 04)
- Memo: Re: MD5 math question tim . m . james (Jan 04)
- Re: MD5 math question Charles Miller (Jan 05)
  - Re: MD5 math question exon (Jan 06)
    - Re: MD5 math question Tim (Jan 06)
    - Re: MD5 math question exon (Jan 06)
    - Re: MD5 math question Tim (Jan 07)
    - Re: MD5 math question exon (Jan 07)

(Thread continues...)