Re: MD5 To Be Considered Harmful Someday

[Keith Oxenrider <koxenrider@xxxxxxxxxxxxxxx>]

For what it is worth, I have an ANSI standard C++ implementation of the 
sha-160/224/256/384/512 bit algorithms that auto-detects endian-ness and 
adjusts accordingly (tested on Wintel, Lintel and Solaris).  It can be 
found at http://sol-biotech.com/code/sha2/ (it comes with a test suite that 
was developed by Aaron D. Gifford who did the C implementation I based it 
on).  For some reason the default directory display does not list the 
README File, it is here: http://sol-biotech.com/code/sha2/README.  I 
created a simple password class for creating and managing passwords based 
on my sha* implementation, it can be found here: 
http://sol-biotech.com/code/SimplePass/.  I would love to have constructive 
feedback.

Keith Oxenrider
CISSP

At 10:36 PM 12/7/2004 -0600, Gandalf The White wrote:
> Greetings and Salutations:
>
> <snip>
>
> I just want to make sure that the MD5 hash passwords don't end up being as
> easy to compute as the Cisco 7 passwords or the NTLM passwords.  It actually
> is beginning to sound like there might be enough of a hole in MD5 that "we"
> (collectively) had better start working on SHA-2 hashed passwords ...
>
> Ken
>
> ---------------------------------------------------------------
> Do not meddle in the affairs of wizards for they are subtle and
> quick to anger.
> Ken Hollis - Gandalf The White - gandalf@xxxxxxxxxxx - O- TINLC
> WWW Page - http://digital.net/~gandalf/
> Trace E-Mail forgery - http://digital.net/~gandalf/spamfaq.html
> Trolls crossposts - http://digital.net/~gandalf/trollfaq.html