Security Basics mailing list archives

RE: Can anyone break MD5 scheme?


From: "JM" <jm () mindless com>
Date: Mon, 2 Dec 2002 20:50:05 -0000

AFAIK 

MD5 is a one-way hashing system.  If you can reverse that, congrats.

Change your ISP?

-----Original Message-----
From: flur [mailto:flur () flurnet org] 
Sent: 01 December 2002 00:14
To: security-basics () securityfocus com
Cc: cyber_armstrong
Subject: Re: Can anyone break MD5 scheme?

Perhaps a less controversial solution to get your linux box online would
be to designate an older machine running MS Windows as a router... There
is lots of software that will do this for you (ie Sygate, WinRoute, etc).
With few access list rules you can make the router quite transparent, and
it can serve as your first line of defense.

As for MD5, to the best of my knowledge, brute force is the only way to
'crack' it... however I have heard rumors that some implementations are
weaker than others.

At 06:03 AM 11/28/2002 +0800, you wrote:
I paid a high monthly fee for my PPPOE connection. The damned ISP offered
only the client for M$ Windows. According to the packet dump, they use
CHAP for authorization and the CHAP challenge said it used MD5. But when
rp-pppoe MD5s the string of Identifier+Secret+Challenge Value, the
concentrator said the response is wrong.

Apparently the ISP-offered client is not going with the RFC 1994 standard
for CHAP and obviously I cannot get their source code by social
engineering.

Is there a way to break the MD5? Or any way around? I need to know my
ISP's digest scheme to get my Linux box online. I live in a
highly-censored country and who knows what the offered client will do
behind my back? Thanks in advance for my safety (not privacy).

____________________ __ _
~FluRDoInG                        flur () flurnet org
                             http://www.flurnet.org
KEY ID 0x8C2C37C4 (pgp.mit.edu) RSA-CAST 2048/2048
1876 B762 F909 91EB 0C02  C06B 83FF E6C5 8C2C 37C4
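
For reference, the RFC 1994 computation mentioned in the thread (MD5 over the Identifier octet, then the secret, then the challenge value), with the Challenge/Response packet layout around it. This is an added example, not part of any message in the thread; the helper names, the sample secret, the peer names and the challenge bytes are constructed for illustration.

```python
import hashlib
import hmac
import struct

CHALLENGE, RESPONSE = 1, 2  # CHAP Code values from RFC 1994


def chap_md5(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 sec. 4.1: MD5 over Identifier octet, then secret, then challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def parse_packet(pkt: bytes):
    """Split a CHAP Challenge/Response into (code, identifier, value, name)."""
    if len(pkt) < 5:
        raise ValueError("short CHAP packet")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if code not in (CHALLENGE, RESPONSE) or not 5 <= length <= len(pkt):
        raise ValueError("bad code or length")
    vsize = pkt[4]
    if vsize == 0 or 5 + vsize > length:
        raise ValueError("bad Value-Size")
    return code, ident, pkt[5:5 + vsize], pkt[5 + vsize:length]


def build_packet(code: int, ident: int, value: bytes, name: bytes) -> bytes:
    """Serialize Code, Identifier, Length, Value-Size, Value, Name."""
    length = 5 + len(value) + len(name)
    return struct.pack("!BBHB", code, ident, length, len(value)) + value + name


def answer_challenge(pkt: bytes, secret: bytes, name: bytes) -> bytes:
    """Peer side: build the Response for a received Challenge."""
    code, ident, challenge, _ = parse_packet(pkt)
    if code != CHALLENGE:
        raise ValueError("not a Challenge")
    return build_packet(RESPONSE, ident, chap_md5(ident, secret, challenge), name)


def verify_response(pkt: bytes, secret: bytes, ident: int, challenge: bytes) -> bool:
    """Authenticator side: recompute the digest and compare in constant time."""
    code, rid, value, _ = parse_packet(pkt)
    return (code == RESPONSE and rid == ident
            and hmac.compare_digest(value, chap_md5(ident, secret, challenge)))


# Constructed sample exchange (not taken from any real capture).
SAMPLE_CHALLENGE = build_packet(CHALLENGE, 0x2A, bytes(range(16)), b"concentrator")
SAMPLE_RESPONSE = answer_challenge(SAMPLE_CHALLENGE, b"example-secret", b"user@example")
```

An authenticator that hashes the fields in a different order, or mixes in extra data, rejects this response even when the secret is correct.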
