<<< Date Index >>>     <<< Thread Index >>>

Re: MD5 To Be Considered Harmful Someday



For what it is worth, I have an ANSI standard C++ implementation of the sha-160/224/256/384/512 bit algorithms that auto-detects endian-ness and adjusts accordingly (tested on Wintel, Lintel and Solaris). It can be found at http://sol-biotech.com/code/sha2/ (it comes with a test suite that was developed by Aaron D. Gifford who did the C implementation I based it on). For some reason the default directory display does not list the README File, it is here: http://sol-biotech.com/code/sha2/README. I created a simple password class for creating and managing passwords based on my sha* implementation, it can be found here: http://sol-biotech.com/code/SimplePass/. I would love to have constructive feedback.

Keith Oxenrider
CISSP

At 10:36 PM 12/7/2004 -0600, Gandalf The White wrote:
Greetings and Salutations:

<snip>

I just want to make sure that the MD5 hash passwords don't end up being as
easy to compute as the Cisco 7 passwords or the NTLM passwords.  It actually
is beginning to sound like there might be enough of a hole in MD5 that "we"
(collectively) had better start working on SHA-2 hashed passwords ...

Ken

---------------------------------------------------------------
Do not meddle in the affairs of wizards for they are subtle and
quick to anger.
Ken Hollis - Gandalf The White - gandalf@xxxxxxxxxxx - O- TINLC
WWW Page - http://digital.net/~gandalf/
Trace E-Mail forgery - http://digital.net/~gandalf/spamfaq.html
Trolls crossposts - http://digital.net/~gandalf/trollfaq.html