Network Security Pen-Test

Insecure Hash Algorithms (MD5) and NTLMv2

Subject: Insecure Hash Algorithms (MD5) and NTLMv2
Date: Sun, 30 Oct 2005 05:07:55 -0500

On Sep 22, 2005, at 11:52 PM, Craig Wright wrote:

First the quote from the MSFT program manager

"Microsoft is banning certain cryptographic functions from new computer
code, citing increasingly sophisticated attacks that make them less
secure, according to a company executive. The Redmond, Wash., software
company instituted a new policy for all developers that bans functions
using the DES, MD4, MD5 and, in some cases, the SHA1 encryption
algorithm, which is becoming "creaky at the edges," said Michael Howard,
senior security program manager at the company, Howard said."

Just because MD5 has become "relatively" weak in recent months doesn't mean that it's trivial to create/find collisions using it. Or, to put it another way, since NTLMv2 does in fact use a much larger set of inputs, the fact that MD5 has become weaker simply isn't an issue.


Here's why: the practical issue concerning collisions in weak hashing algorithms has to do with modified/maliciously-generated content hashing to the same thing as legitimate content does. This threat has nothing to do with the difficulty of brute forcing hashes in the vein of the rainbowcrack project, since the entire premise for that project is trying all inputs.

Another way of looking at this is almost like a salting process; if user@domain is part of every input then you can't just test $input, you have to test $input for every $user@domain combination. As such, the solution *IS* significantly stronger despite its use of MD5.

Or, at least this is how I currently understand things. Feel free to correct me if I'm wrong.

--
Daniel R. Miessler
M: daniel@dmiessler.com
W: http://dmiessler.com
G: 0x316BC712



