[3871] in cryptography@c2.net mail archive
Re: MD5
daemon@ATHENA.MIT.EDU (David Jablon)
Tue Dec 29 13:45:22 1998
Date: Mon, 28 Dec 1998 23:35:58 -0500
To: Cryptography List <cryptography@c2.net>
From: David Jablon <dpj@world.std.com>
Cc: Bill Stewart <bill.stewart@pobox.com>, Eric Murray <ericm@lne.com>,
Ben Laurie <ben@algroup.co.uk>, Andrew Maslar <amaslar@home.com>
Andrew Maslar asked:
>I'm toying around with various protocols for key exchange, and I wonder,
>if an attacker intercepted the result of the following operation:
>md5(x) + md5(x + y + z)
>Could s/he compute y? [knowing x and z]
At 10:57 PM 12/27/98 -0800, Bill Stewart wrote:
>If y is a wimpy password, it's pretty easy ("wimpy" being a highly
>precise definition, of course :-). [... definition snipped]
>So you still, and always, need good passwords, even if you've got
>salt to help you.
Not always. Many stronger key exchange protocols tolerate wimpy
passwords, plain or salted, with minimal risk of network attack.
But in *this* protocol, Bill is right. Ordinary use of MD5 or
HMAC just doesn't do it.
-------------------------
David P. Jablon
Integrity Sciences, Inc.
dpj@world.std.com
<http://world.std.com/~dpj/>
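An added illustration (not part of the archived thread) of why the md5(x) + md5(x + y + z) construction discussed above gives an eavesdropper an offline test for y: it assumes "+" means byte-string concatenation, and the sample values and wordlist are constructed for the demo.

```python
import hashlib
from typing import Iterable, Optional

# Constructed sample wordlist standing in for a dictionary of "wimpy" passwords.
SAMPLE_WORDLIST = [b"password", b"letmein", b"qwerty", b"secret", b"123456"]


def md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()


def protocol_message(x: bytes, y: bytes, z: bytes) -> bytes:
    """What the honest party sends: md5(x) || md5(x || y || z).

    '+' in the original question is assumed to be concatenation here.
    """
    return md5(x) + md5(x + y + z)


def offline_verifier_test(captured: bytes, x: bytes, z: bytes,
                          candidates: Iterable[bytes]) -> Optional[bytes]:
    """Model the eavesdropper's position: x and z are known (z is a public
    salt), the message was intercepted, and no further interaction with
    either party is needed.  Each candidate y costs exactly one MD5, so the
    message acts as a verifier that can be checked at the attacker's leisure;
    salt only prevents precomputed tables, it does not remove the verifier.
    """
    assert captured[:16] == md5(x), "first half must be md5(x) for a known x"
    target = captured[16:]
    for y in candidates:
        if md5(x + y + z) == target:
            return y
    return None


def demo() -> Optional[bytes]:
    """Constructed run: a weak y in the wordlist is recovered from the message
    alone; a y outside the dictionary is not, which is the only protection
    this construction offers."""
    x, z = b"alice", b"salt1234"
    captured = protocol_message(x, b"secret", z)
    return offline_verifier_test(captured, x, z, SAMPLE_WORDLIST)


if __name__ == "__main__":
    print(demo())  # b'secret'
```

The salt z is public, so a per-user dictionary run is unaffected by it; the protocols the reply alludes to avoid leaking any such offline-checkable value in the first place.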