Penetration Testing mailing list archives
Insecure Hash Algorithms (MD5) and NTLMv2
From: Daniel Miessler <daniel () dmiessler com>
Date: Sun, 30 Oct 2005 05:07:55 -0500
On Sep 22, 2005, at 11:52 PM, Craig Wright wrote:
First the quote from the MSFT program manager: "Microsoft is banning certain cryptographic functions from new computer code, citing increasingly sophisticated attacks that make them less secure, according to a company executive. The Redmond, Wash., software company instituted a new policy for all developers that bans functions using the DES, MD4, MD5 and, in some cases, the SHA1 encryption algorithm, which is becoming "creaky at the edges," said Michael Howard, senior security program manager at the company, Howard said."
Just because MD5 has become "relatively" weak in recent months doesn't mean that it's trivial to create/find collisions using it. Or, to put it another way, since NTLMv2 does in fact use a much larger set of inputs, the fact that MD5 has become weaker simply isn't an issue.
Here's why: the practical issue concerning collisions in weak hashing algorithms has to do with modified/maliciously-generated content hashing to the same thing as legitimate content does. This threat has nothing to do with the difficulty of brute forcing hashes in the vein of the rainbowcrack project, since the entire premise for that project is trying all inputs.
Another way of looking at this is almost like a salting process; if user@domain is part of every input then you can't just test $input, you have to test $input for every $user@domain combination. As such, the solution *IS* significantly stronger despite its use of MD5.
Or, at least this is how I currently understand things. Feel free to correct me if I'm wrong.
-- Daniel R. Miessler M: daniel () dmiessler com W: http://dmiessler.com G: 0x316BC712
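The "salting process" argument in the post above can be shown concretely. The following Python is an added example, not code from the post or from any Microsoft implementation: it builds the kind of digest-to-password lookup table a rainbowcrack-style attack depends on, then shows that the same table is useless once the user@domain identity is mixed into the hashed input, and that two users sharing a password no longer share a digest. HMAC-MD5 keyed with the identity, the candidate passwords and the identities are all assumptions constructed for the illustration; the example makes no claim about how NTLMv2 itself combines these inputs.

```python
import hashlib
import hmac

# Constructed sample data: a tiny "dictionary" of candidate passwords and a
# handful of user@domain identities. Real deployments have far more of both.
CANDIDATE_PASSWORDS = ["winter2005", "letmein", "password1", "qwerty"]
IDENTITIES = ["alice@corp.example", "bob@corp.example"]


def unsalted_hash(password: str) -> str:
    """Plain MD5 of the password alone: identical input gives an identical
    digest for every user, so one precomputed table serves every account."""
    return hashlib.md5(password.encode()).hexdigest()


def identity_keyed_hash(identity: str, password: str) -> str:
    """Digest that mixes the user@domain identity into the input, in the
    spirit of the post's 'salting process'. HMAC-MD5 keyed with the identity
    is an illustrative choice, not a claim about NTLMv2's construction."""
    return hmac.new(identity.encode(), password.encode(), "md5").hexdigest()


def build_lookup_table(passwords):
    """The precomputed table a rainbowcrack-style attack relies on
    (digest -> password). It is built once, knowing nothing about any user."""
    return {unsalted_hash(p): p for p in passwords}


def recover_with_table(table, digest):
    """Look a captured digest up in the precomputed table (None if absent)."""
    return table.get(digest)


def tables_needed(identities, passwords):
    """Entries an attacker must precompute to cover the same password list
    once the identity is mixed in: a full table per identity."""
    return len(identities) * len(passwords)


def demo():
    table = build_lookup_table(CANDIDATE_PASSWORDS)
    # Unsalted: a single table recovers 'letmein' for any user who chose it.
    unsalted_hit = recover_with_table(table, unsalted_hash("letmein"))
    # Identity-keyed: the same table never matches, because the identity
    # changed the input that was hashed.
    keyed_misses = [
        recover_with_table(table, identity_keyed_hash(who, "letmein"))
        for who in IDENTITIES
    ]
    # Two users with the same password get different digests, so a hit
    # against one account says nothing about the other.
    distinct = len({identity_keyed_hash(who, "letmein") for who in IDENTITIES})
    return unsalted_hit, keyed_misses, distinct


if __name__ == "__main__":
    hit, misses, distinct = demo()
    print("unsalted table lookup:", hit)
    print("same table against identity-keyed digests:", misses)
    print("distinct digests for one password across users:", distinct)
    print("entries needed to cover all identities:",
          tables_needed(IDENTITIES, CANDIDATE_PASSWORDS))
```

The point the code makes is the one the post makes: the weakness that has been demonstrated against MD5 concerns finding two inputs with the same digest, whereas a precomputed-table attack is exhaustive search over inputs, and binding the digest to user@domain multiplies that search by the number of identities regardless of which hash function sits underneath.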