md5 security

thefool · Post by **thefool** » Fri Jul 16, 2004 5:51 pm

Hi!

can MD5 be reversed?

Many software products uses md5 as password hashing.
But can it be reversed, or is it 100% secure to use md5 for checking a password?

blueznl · Post by **blueznl** » Fri Jul 16, 2004 6:35 pm

afaik md5 cannot be reversed, however md5 is length dependent, ie. brute force on short passwords will quickly yield results

thefool · Post by **thefool** » Fri Jul 16, 2004 7:07 pm

thanks

Karbon · Post by **Karbon** » Fri Jul 16, 2004 7:08 pm

Yep MD5 is a one-way hash.

thefool · Post by **thefool** » Fri Jul 16, 2004 7:10 pm

ok. So its very secure for testing passwords.
Isnt linux using it for password security too?

Proteus · Post by **Proteus** » Fri Jul 16, 2004 7:13 pm

Linux uses DES with a 2-char key. (According to the PB helpfile...)

Karbon · Post by **Karbon** » Fri Jul 16, 2004 7:14 pm

It depends on what distribution of Linux you use. I think most use MD5 verses DES these days..

thefool · Post by **thefool** » Fri Jul 16, 2004 7:17 pm

ok. Thanks

kake26 · Post by **kake26** » Sun Jul 18, 2004 6:23 am

Yes any sane linux distro will use MD5 and it will shadow the password.