Penetration Testing mailing list archives

Insecure Hash Algorithms (MD5) and NTLMv2


From: Daniel Miessler <daniel () dmiessler com>
Date: Sun, 30 Oct 2005 05:07:55 -0500


On Sep 22, 2005, at 11:52 PM, Craig Wright wrote:

First the quote from the MSFT program manager

"Microsoft is banning certain cryptographic functions from new computer
code, citing increasingly sophisticated attacks that make them less
secure, according to a company executive. The Redmond, Wash., software
company instituted a new policy for all developers that bans functions
using the DES, MD4, MD5 and, in some cases, the SHA1 encryption
algorithm, which is becoming "creaky at the edges," said Michael Howard,
senior security program manager at the company, Howard said."

Just because MD5 has become "relatively" weak in recent months doesn't mean that it's trivial to create/find collisions using it. Or, to put it another way, since NTLMv2 does in fact use a much larger set of inputs, the fact that MD5 has become weaker simply isn't an issue.

Here's why: the practical issue concerning collisions in weak hashing algorithms has to do with modified/maliciously-generated content hashing to the same thing as legitimate content does. This threat has nothing to do with the difficulty of brute forcing hashes in the vein of the rainbowcrack project, since the entire premise for that project is trying all inputs.

Another way of looking at this is almost like a salting process; if user@domain is part of every input then you can't just test $input, you have to test $input for every $user@domain combination. As such, the solution *IS* significantly stronger despite its use of MD5.

Or, at least this is how I currently understand things. Feel free to correct me if I'm wrong.

--
Daniel R. Miessler
M: daniel () dmiessler com
W: http://dmiessler.com
G: 0x316BC712
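The "salting" argument in the post above, worked through as an added example that is not part of the original message or of any NTLM implementation. It is a simplified model of the point being made (the user@domain identity is part of the hashed input), not a protocol-accurate NTLMv2 routine: the construction, the candidate list and the names alice/bob/CORP are all constructed for illustration.

```python
import hashlib
import hmac

# Constructed candidate list standing in for a precomputed (rainbow-table style)
# wordlist; real tables are far larger, the point is the same.
CANDIDATES = ["password", "letmein", "Summer2005", "hunter2"]


def plain_md5(password: str) -> str:
    """Unsalted MD5 of the password alone: the case a precomputed table attacks.
    Every user with this password produces the same digest."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def identity_bound_hash(password: str, user: str, domain: str) -> str:
    """Simplified model of the post's point: the identity is part of the input.
    Hypothetical construction: HMAC-MD5 keyed with a hash of the password over
    the upper-cased user name plus the domain. Not protocol-accurate NTLMv2."""
    key = hashlib.md5(password.encode("utf-8")).digest()
    msg = (user.upper() + domain).encode("utf-16-le")
    return hmac.new(key, msg, hashlib.md5).hexdigest()


def build_plain_table() -> dict:
    """One digest -> password table serves every user when there is no salt."""
    return {plain_md5(p): p for p in CANDIDATES}


def table_for_identity(user: str, domain: str) -> dict:
    """With the identity in the input, a table is only valid for that one
    user@domain; every other identity needs its own table."""
    return {identity_bound_hash(p, user, domain): p for p in CANDIDATES}


def lookup(table: dict, digest: str):
    """Return the recovered password, or None if the digest is not in the table."""
    return table.get(digest)


def tables_needed(identities) -> int:
    """Precomputation cost scales with the number of distinct identities."""
    return len(set((u.upper(), d) for u, d in identities))


if __name__ == "__main__":
    alice = identity_bound_hash("Summer2005", "alice", "CORP")
    bob = identity_bound_hash("Summer2005", "bob", "CORP")
    print("plain lookup:", lookup(build_plain_table(), plain_md5("Summer2005")))
    print("same password, different users:", alice != bob)
    print("alice table vs bob digest:", lookup(table_for_identity("alice", "CORP"), bob))
```

Note that this only shows why brute-force precomputation gets harder; it says nothing about MD5 collision resistance, which is the separate property the Microsoft policy was reacting to.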
