Re: Insecure Hash Algorithms (MD5) and NTLMv2

From: Thierry Zoller (Thierry@sniff-em.com)
Date: Tue Nov 01 2005 - 06:46:53 EST


Dear Daniel,

DM> Just because MD5 has become "relatively" weak in recent months
DM> doesn't mean that it's trivial to create/find collisions using it.

http://www.doxpara.com/t1.html
http://www.doxpara.com/t2.html
Same md5

http://www.cits.rub.de/imperia/md/content/magnus/letter_of_rec.ps
http://www.cits.rub.de/imperia/md/content/magnus/order.ps
Same md5

http://www.win.tue.nl/~bdeweger/CollidingCertificates/MD5Collision.certificate1.cer
http://www.win.tue.nl/~bdeweger/CollidingCertificates/MD5Collision.certificate2.cer
Same md5

http://www.doxpara.com/confoo.pl
http://www.cits.rub.de/MD5Collisions/

-- 
http://thierry.sniff-em.com
Thierry Zoller
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 
Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:07 EDT