WebApp Sec mailing list archives
RE: MD5 math question
From: "Jeff Robertson" <jeff.robertson () digitalinsight com>
Date: Fri, 6 Jan 2006 09:16:44 -0500
-----Original Message----- Without knowing the correct password there is no way of knowing that the collision isn't it, and from a practical point of view it doesn't matter in the slightest.
It matters if the purpose of the "cracking" isn't to allow an attacker to log into the system, but to recover lost passwords for legitimate purposes. No one needs to tell me this is a bad idea, I was just looking to find out how bad it is in this particular regard. ------------------------------------------------------------------------------- Watchfire's AppScan is the industry's first and leading web application security testing suite, and the only solution to provide comprehensive remediation tasks at every level of the application. See for yourself. Download AppScan 6.0 today. https://www.watchfire.com/securearea/appscansix.aspx?id=701300000003Ssh -------------------------------------------------------------------------------
Current thread:
- Re: MD5 math question, (continued)
- Re: MD5 math question exon (Jan 06)
- Re: MD5 math question Tim (Jan 06)
- Re: MD5 math question exon (Jan 06)
- Re: MD5 math question Tim (Jan 07)
- Re: MD5 math question exon (Jan 07)
- Re: MD5 math question Tim (Jan 07)
- Re: MD5 math question exon (Jan 06)
- Re: MD5 math question Charles Miller (Jan 06)
- Re: FW: RE: MD5 math question Chuck (Jan 06)