On 1/22/07, Edward Z. Yang edwardzyang@thewritingpot.com wrote:
Well, in spite of these extremely devastating attacks in the collision area, the keyspace of MD5 is extremely small: 128 bits is small enough that a birthday attack is extremely feasible. MD5 also has many comprehensive rainbow tables (including one that's 4.9 TB large!) I think it's worth migrating, even if the security increase is comparatively small. It's not difficult to do.
A birthday attack is not relevant to a password hashing scheme, and rainbow tables are useless since Mediawiki uses salts.
The fact that the keyspace of MD5 is only 128 bits does limit the password strength, but who's using a password more than 13 characters for their Wikipedia password? Does Mediawiki even allow more than 13 character passwords?
Anthony
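An added illustration of the two points made in the reply above (a precomputed table is useless against salted hashes, and the 128-bit digest only caps the strength of passwords longer than roughly 19 printable characters). This is example code written for this thread, not MediaWiki's own code; the `:B:salt:digest` layout, the 4-byte hex salt, the 95-character alphabet and the small wordlist are assumptions chosen for the demonstration.

```python
import hashlib
import math
import secrets

# Constructed wordlist standing in for a rainbow table / precomputed dictionary.
WORDLIST = ["password", "letmein", "wiki2007", "correcthorse"]


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def unsalted_hash(password: str) -> str:
    """Plain md5(password): exactly what a precomputed table is keyed on."""
    return md5_hex(password.encode())


def salted_hash(password: str, salt: str) -> str:
    """Salted MD5 in an assumed ':B:<salt>:<md5(salt-md5(password))>' layout.

    The layout is an illustrative assumption, not a statement of MediaWiki's
    actual format; the point is only that the digest depends on the salt.
    """
    inner = md5_hex(password.encode())
    return f":B:{salt}:{md5_hex(f'{salt}-{inner}'.encode())}"


def new_salt() -> str:
    """Per-user random salt (assumed size: 4 random bytes as 8 hex chars)."""
    return secrets.token_hex(4)


def build_precomputed_table(wordlist):
    """Simulates a rainbow table: digest -> password for every listed word."""
    return {unsalted_hash(w): w for w in wordlist}


def lookup_unsalted(table, stored_digest):
    """Unsalted MD5: one dictionary lookup recovers the password."""
    return table.get(stored_digest)


def lookup_salted(table, stored):
    """Salted MD5: the same table misses, because the stored digest was
    computed over the salt as well, so it never appears in the table."""
    _, _, _salt, digest = stored.split(":")
    return table.get(digest)


def crack_salted_online(stored, wordlist):
    """The only route against a salted hash: re-hash every guess with that
    user's salt. Nothing precomputed carries over to the next user."""
    _, _, salt, _digest = stored.split(":")
    for w in wordlist:
        if salted_hash(w, salt) == stored:
            return w
    return None


def password_entropy_bits(length: int, alphabet_size: int = 95) -> float:
    """Bits of entropy in a uniformly random password; 95 = printable ASCII."""
    return length * math.log2(alphabet_size)


def digest_caps_password(length: int, digest_bits: int = 128) -> bool:
    """True when the password's entropy exceeds the digest width, i.e. the
    hash output, not the password, becomes the limiting factor."""
    return password_entropy_bits(length) > digest_bits


if __name__ == "__main__":
    table = build_precomputed_table(WORDLIST)
    print("unsalted hit:", lookup_unsalted(table, unsalted_hash("letmein")))
    stored = salted_hash("letmein", new_salt())
    print("salted table lookup:", lookup_salted(table, stored))
    print("salted online guess:", crack_salted_online(stored, WORDLIST))
    print("13 printable chars ->", round(password_entropy_bits(13), 1), "bits")
```

Run as a script it shows the precomputed table hitting the unsalted digest immediately, missing the salted one, and the salted one falling only to a per-salt guess loop; a 13-character printable password is about 85 bits, well under the 128-bit digest, so at that length the password, not MD5's output size, is the weaker link.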