Re: [Newbie] Advice needed regarding SHA0 SHA1 MD5

Erwin Moller <since_humans_read_this_I_am_spammed_too_much@spamyourself.com> writes:

>Dear group,

>I need some advice regarding the safety of SHA-0 SHA-1 and MD5, being quite
>ignorant on the subject myself.
>I expect the subject is old news for most of you, but I hope some friendly
>sould can help me a bit understanding the issue.

>I read the following articles by Bruce Schneier:

>http://www.schneier.com/blog/archives/2005/02/sha1_broken.html
>and the follow up:
>http://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html

....
>We just had a discussion on the subject in a PHP-ng (PHP is a
>scriptinglanguage).
>We wondered if storing passwords hashed as MD5 was safe.

The so called MD5 hash used in the Linux password suite is NOT MD5. It uses
MD5 multiple times as a part of a god awful mess of a whole variety of
functions. It is as far as I know an unanalysed mess as well.

>I hope somebody can answer the following questions.

>Our most nagging questions are:
>1) Based on only a MD5 hash, can the abovementioned new algoritms create new
>inputstrings that produce the same hash in a reasonable short time?
>(That is called a collision, right?)

Depends on what you call reasonable. MD5 should no longer be used as a
secure hash, not should SHA1 apparently. Whether or not things that use it
should be retired immediately is less clear, and depends on the attack mode
envisioned.

>Or can it only be used in certain isolated situations?
>(I mean: Does it only work for a special subset of MD5 hashes?)

>2) If yes to 1) -> Should we consider SHA-0/1 and MD5 unsafe?

Independent of the answer to 1, the answer to this is yes.

>What other hash do you advise us to use?

>Thanks in advance for your time!

>Regards,
>Erwin Moller
Received on Thu Sep 29 21:52:55 2005