[Owncloud] Salt

Sven Radde sven at fsfe.org
Fri Jun 8 14:15:54 UTC 2012


Hi!

On 08.06.2012 11:55, Hendrik v. Raven wrote:
> Also a better hashing algorithm than MD5 would be a good idea. MD5 is
> completely insecure for cryptographic reasons. Modern hashing
> algorithms like SHA2 with a length of 256+ should be used for modern
> software.

I agree with your conclusion, since there is really no reason *not* to
use one of the SHA2 functions for hashing nowadays.

However, to the best of my knowledge, the current cryptanalytic results
against MD5 do not allow practical attacks against its usage in
password-hashing schemes (particularly once a salt is used to eliminate
rainbow tables).
The ability to create collisions isn't particularly useful to break a
hashed password; you would need a preimage attack to do that. Also, the
current collision-attack needs at least two data blocks (i.e., 128
bytes) to work, which further reduces its applicability to passwords.

cu, Sven
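
The point about salts and rainbow tables, as an added example that is not part of the original message and is not ownCloud code: a precomputed table recovers unsalted MD5 password hashes by simple lookup, while the same table approach finds nothing once each record carries its own random salt. All function names and the small wordlist are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny wordlist standing in for a precomputed table.
WORDLIST = ["123456", "letmein", "owncloud", "password"]


def unsalted_md5(password: str) -> str:
    """Unsalted scheme: the digest depends only on the password."""
    return hashlib.md5(password.encode()).hexdigest()


def salted_sha256(password: str, salt: bytes) -> str:
    """Salted scheme: the digest depends on the password and a per-user salt."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def new_record(password: str):
    """Create a (salt, digest) record with a fresh 16-byte random salt."""
    salt = os.urandom(16)
    return salt, salted_sha256(password, salt)


def verify(password: str, salt: bytes, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted_sha256(password, salt), stored)


def build_table(hash_fn):
    """Precompute digest -> password once; reusable against every unsalted hash."""
    return {hash_fn(word): word for word in WORDLIST}


def demo():
    # Two users who happen to choose the same password.
    unsalted = [unsalted_md5("letmein"), unsalted_md5("letmein")]
    salted = [new_record("letmein"), new_record("letmein")]
    md5_table = build_table(unsalted_md5)
    sha_table = build_table(lambda w: hashlib.sha256(w.encode()).hexdigest())
    return {
        "unsalted_equal": unsalted[0] == unsalted[1],
        "unsalted_hits": [md5_table.get(d) for d in unsalted],
        "salted_equal": salted[0][1] == salted[1][1],
        "salted_hits": [sha_table.get(d) for _, d in salted],
        "verify_ok": verify("letmein", *salted[0]),
        "verify_bad": verify("password", *salted[0]),
    }
```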


