Skip to main content

Return to Answer

Added references to keywords
Source Link
petantik
petantik
  • 1.1k
  • 8
  • 12

Collisions do occur, but they should be rare enough that it is unlikely ever to occur within a certain amount of time.

Most attacks these days consider weaknesses in the algorithms used thus making it faster to find collisions to exploit. MD5 has been shown to be weaker than previously thought. This article from The Register shows how the weakness was used to create SSL certificates.

Even more resistant algorithms have been shown to have flaws that make it easier to find these collisions.

This PDF shows a paper discussing SHA-1 collisons and how it has been made easier. (Maths heavy)

For practical purposes for someone trying to recover passwords from hashes tools such as rainbow tables are employed

http://project-rainbowcrack.com/

This takes into account that people will choose passwords that are easy, so it's possible with a dictionary attack (a list of commonly used passwords plus many other terms) to compute hashes, and compare them. This is why using a salt is always recommended

Collisions do occur, but they should be rare enough that it is unlikely ever to occur within a certain amount of time.

Most attacks these days consider weaknesses in the algorithms used thus making it faster to find collisions to exploit. MD5 has been shown to be weaker than previously thought. This article from The Register shows how the weakness was used to create SSL certificates.

Even more resistant algorithms have been shown to have flaws that make it easier to find these collisions.

This PDF shows a paper discussing SHA-1 collisons and how it has been made easier. (Maths heavy)

Collisions do occur, but they should be rare enough that it is unlikely ever to occur within a certain amount of time.

Most attacks these days consider weaknesses in the algorithms used thus making it faster to find collisions to exploit. MD5 has been shown to be weaker than previously thought. This article from The Register shows how the weakness was used to create SSL certificates.

Even more resistant algorithms have been shown to have flaws that make it easier to find these collisions.

This PDF shows a paper discussing SHA-1 collisons and how it has been made easier. (Maths heavy)

For practical purposes for someone trying to recover passwords from hashes tools such as rainbow tables are employed

http://project-rainbowcrack.com/

This takes into account that people will choose passwords that are easy, so it's possible with a dictionary attack (a list of commonly used passwords plus many other terms) to compute hashes, and compare them. This is why using a salt is always recommended

Source Link
petantik
petantik
  • 1.1k
  • 8
  • 12

Collisions do occur, but they should be rare enough that it is unlikely ever to occur within a certain amount of time.

Most attacks these days consider weaknesses in the algorithms used thus making it faster to find collisions to exploit. MD5 has been shown to be weaker than previously thought. This article from The Register shows how the weakness was used to create SSL certificates.

Even more resistant algorithms have been shown to have flaws that make it easier to find these collisions.

This PDF shows a paper discussing SHA-1 collisons and how it has been made easier. (Maths heavy)