Wikipedia states that md5's collision resistance is 2^18 (http://ift.tt/1kdSniN).
I just found out that openssl enc uses md5 to hash the password and the salt. Now let's assume that I have a 27 char random password (62 char alphabet). That would yield 62^27 = 10^48 possible passwords which will take an unfeasibly long time to crack.
Now, how does md5 change this assumption that brute forcing is not feasible? Will it take only 2^18 tries to find a suitable hash because finding collision is so easy?
If yes, why is openssl enc still using md5?
Aucun commentaire:
Enregistrer un commentaire