On 1/22/07, Edward Z. Yang edwardzyang@thewritingpot.com wrote:
> Well, in spite of these extremely devastating attacks in the collision area, the keyspace of MD5 is extremely small: 128 bits is small enough that a birthday attack is extremely feasible.
Birthday attack, maybe, but that's useless for cracking a password. It's still far too large to brute-force a preimage. Maybe not for too many years to come . . . I don't disagree with the idea of moving to a new hash function just to be safe. It seems like a good idea.
(While we're on the topic of hashes, by the way, vBulletin has JS-enabled browsers hash and salt their passwords before they even send them. Thus man-in-the-middle attacks are impossible. Seems like a nifty idea to consider, anyway.)
On 1/22/07, Anthony wikitech@inbox.org wrote:
> The fact that the keyspace of MD5 is only 128 bits does limit the password strength, but who's using a password more than 13 characters for their Wikipedia password? Does MediaWiki even allow more than 13 character passwords?
I think the limiting factor in password length in MediaWiki is how large a POST the server is willing to accept. ;) I once tried a password on my local install thousands of pages long, just for the heck of it, and it worked fine.
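To put numbers on the three points argued above (birthday versus preimage cost of a 128-bit digest, at what password length the digest rather than the password becomes the limiting factor, and that the hash itself has no length limit), here is an added example that is not part of the thread or of MediaWiki's code. It assumes the salted-MD5 ":B:" storage format as I understand MediaWiki used it at the time (md5(salt + "-" + md5(password))), a 95-symbol printable-ASCII alphabet for the password-space estimate, and the hypothetical function names below.

```python
import hashlib
import hmac
import math
import secrets
from typing import Optional

OUTPUT_BITS_MD5 = 128


def mediawiki_b_hash(password: str, salt: Optional[str] = None) -> str:
    """Salted MD5 in the ":B:<salt>:<digest>" shape (assumption: this mirrors
    MediaWiki's old :B: scheme, md5(salt + "-" + md5(password)); it is an
    illustration, not MediaWiki's own code)."""
    if salt is None:
        salt = secrets.token_hex(4)  # 8 hex characters of random salt
    inner = hashlib.md5(password.encode("utf-8")).hexdigest()
    outer = hashlib.md5(f"{salt}-{inner}".encode("utf-8")).hexdigest()
    return f":B:{salt}:{outer}"


def verify_b_hash(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    _, tag, salt, digest = stored.split(":")
    if tag != "B":
        raise ValueError("not a :B: hash")
    candidate = mediawiki_b_hash(password, salt).split(":")[3]
    return hmac.compare_digest(candidate, digest)


# --- attack-cost arithmetic for an n-bit hash output ---------------------

def birthday_work_bits(output_bits: int = OUTPUT_BITS_MD5) -> float:
    """Generic collision search: ~2^(n/2) evaluations (finds *some* pair)."""
    return output_bits / 2


def preimage_work_bits(output_bits: int = OUTPUT_BITS_MD5) -> float:
    """Generic preimage search: ~2^n evaluations (what password cracking needs)."""
    return float(output_bits)


def password_space_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a uniformly random password of `length` symbols."""
    return length * math.log2(alphabet_size)


def effective_strength_bits(alphabet_size: int, length: int,
                            output_bits: int = OUTPUT_BITS_MD5) -> float:
    """Cheapest generic attack: brute-force the password space or the digest."""
    return min(password_space_bits(alphabet_size, length), output_bits)


def length_where_hash_limits(alphabet_size: int,
                             output_bits: int = OUTPUT_BITS_MD5) -> int:
    """Smallest length at which the password space exceeds the digest space."""
    return math.ceil(output_bits / math.log2(alphabet_size))


def hashes_long_password(length: int) -> bool:
    """The hash has no input-length limit; only the transport (POST size) does."""
    pw = "x" * length
    return verify_b_hash(pw, mediawiki_b_hash(pw))


if __name__ == "__main__":
    print(mediawiki_b_hash("correct horse", "0123abcd"))
    print("birthday:", birthday_work_bits(), "bits; preimage:", preimage_work_bits(), "bits")
    print("13 printable-ASCII chars:", round(password_space_bits(95, 13), 1), "bits")
    print("digest becomes the limit at", length_where_hash_limits(95), "chars")
    print("100k-char password hashes fine:", hashes_long_password(100_000))
```

The cost functions treat MD5 as an ideal 128-bit function, i.e. they describe generic attacks only; the known collision attacks lower the collision figure further but do not change the preimage figure, which is the one that matters for recovering a password.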