Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Insecure Hash Algorithms (MD5) and NTLMv2

From: Thierry Zoller <Thierry () sniff-em com>
Date: Tue, 1 Nov 2005 12:46:53 +0100
Dear Daniel,


DM> Just because MD5 has become "relatively" weak in recent months  
DM> doesn't mean that it's trivial to create/find collisions using it.

http://www.doxpara.com/t1.html
http://www.doxpara.com/t2.html
Same md5

http://www.cits.rub.de/imperia/md/content/magnus/letter_of_rec.ps
http://www.cits.rub.de/imperia/md/content/magnus/order.ps
Same md5

http://www.win.tue.nl/~bdeweger/CollidingCertificates/MD5Collision.certificate1.cer
http://www.win.tue.nl/~bdeweger/CollidingCertificates/MD5Collision.certificate2.cer
Same md5


http://www.doxpara.com/confoo.pl
http://www.cits.rub.de/MD5Collisions/



-- 
http://thierry.sniff-em.com
Thierry Zoller




------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: