It gets worse...
jra at samba.org
Fri Aug 20 18:10:49 GMT 2004
On Fri, Aug 20, 2004 at 02:02:52PM -0400, David Brodbeck wrote:
> > -----Original Message-----
> > From: Jeremy Allison [mailto:jra at samba.org]
> > "* Weng, Fang, Lai, and Yu have what appears to be a general method for
> > finding collisions in MD4, MD5, HAVAL-128, and RIPEMD. They haven't
> > published any details."
> > This could be very bad for NTLM auth.....
> Not to mention for (Free|Open|Net)BSD systems, which mostly use MD5
> passwords by default. (It was thought to be "more secure" than DES.)
Well it is, actually :-). Thinking about this, it's still hard
to do a direct attack on NTLM auth as the MD4 hashes have to
be secret anyway; they're plaintext equivalents in a more direct
way than the BSD MD5 hashes.