On Tue, Aug 24, 2004 at 08:22:54PM +0200, Almut Behrens wrote:
I always thought that the oneway-feature is not particularly relevant when verifying passwords... In other words, if you can find (within a reasonable amount of time) any input string that produces the same given digest, then any password verification system will let you in, independently of whether you ever get to know the original password...
Right. But since we know basically nothing about how the collision was generated we don't know if there's a way to find a message that has a given md5 hash value. IOW, the mechanism to generate the collision may only work with certain carefully chosen input data. Until more details are given it's all speculation. Mike Stone