On 1/22/07, Edward Z. Yang <edwardzyang(a)thewritingpot.com> wrote:
> Well, in spite of these extremely devastating attacks in the collision
> area, the keyspace of MD5 is extremely small: 128 bits is small enough
> that a birthday attack is extremely feasible. MD5 also has many
> comprehensive rainbow tables (including one that's 4.9 TB large!). I
> think it's worth migrating, even if the security increase is
> comparatively small. It's not difficult to do.
A birthday attack is not relevant to a password hashing scheme, and
rainbow tables are useless since Mediawiki uses salts.
The fact that the keyspace of MD5 is only 128 bits does limit the
password strength, but who's using a password more than 13 characters
for their Wikipedia password? Does Mediawiki even allow more than 13
character passwords?
Anthony
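An added illustration of the point Anthony makes about salts (this is example code written for this page, not MediaWiki's own code, and the `salt:password` construction below is an assumed generic scheme rather than MediaWiki's exact storage format). It builds a tiny precomputed table over a constructed wordlist, the same idea as a rainbow table, and shows that it recovers an unsalted MD5 but is useless against a per-user salted one, and that two users with the same password get different digests. A collision between two arbitrary inputs (what a birthday attack finds) never enters into this: verification only asks whether a candidate hashes to one specific stored digest.

```python
import hashlib
import hmac
import os

# Constructed wordlist standing in for a cracking dictionary.
WORDLIST = ["password", "letmein", "wiki2007", "hunter2", "qwerty"]


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def hash_unsalted(password: str) -> str:
    """Plain MD5 of the password: the same password always gives the same digest."""
    return md5_hex(password.encode())


def hash_salted(password: str, salt: bytes) -> str:
    """Generic salted construction (assumption for this example): MD5(salt ':' password)."""
    return md5_hex(salt + b":" + password.encode())


def new_salt(nbytes: int = 8) -> bytes:
    """Per-user random salt, generated at password-set time."""
    return os.urandom(nbytes)


def build_precomputed_table(words):
    """Stand-in for a rainbow table: digest -> plaintext, computed once, reused forever."""
    return {hash_unsalted(w): w for w in words}


def lookup(table, digest: str):
    """Return the plaintext if the digest is in the precomputed table, else None."""
    return table.get(digest)


def verify_salted(password: str, salt: bytes, stored_digest: str) -> bool:
    """Verification recomputes with the stored salt; constant-time compare avoids timing leaks."""
    return hmac.compare_digest(hash_salted(password, salt), stored_digest)


def demo():
    table = build_precomputed_table(WORDLIST)

    # 1. Unsalted: one precomputed table cracks every account using a wordlist password.
    unsalted_hit = lookup(table, hash_unsalted("wiki2007"))

    # 2. Salted: the same table finds nothing; an attacker would need a fresh
    #    table per salt value, which is the whole point of salting.
    salt_a, salt_b = b"saltA123", b"saltB456"   # constructed fixed salts for reproducibility
    salted_hit = lookup(table, hash_salted("wiki2007", salt_a))

    # 3. Same password, different salts -> different digests, so a cracked
    #    digest for one user says nothing about another user's.
    same_pw_differs = hash_salted("wiki2007", salt_a) != hash_salted("wiki2007", salt_b)

    # 4. Normal login path still works with the stored salt.
    stored = hash_salted("wiki2007", salt_a)
    login_ok = verify_salted("wiki2007", salt_a, stored)
    login_wrong_pw = verify_salted("letmein", salt_a, stored)

    return {
        "unsalted_hit": unsalted_hit,
        "salted_hit": salted_hit,
        "same_pw_differs": same_pw_differs,
        "login_ok": login_ok,
        "login_wrong_pw": login_wrong_pw,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The salt does not make MD5 any stronger as a function; it only removes the attacker's ability to amortise work across users and across time, which is exactly why precomputed tables stop mattering once salts are in use. A purpose-built password hash (one that is also deliberately slow) is what a current deployment would pick, but that is a separate question from the rainbow-table one discussed in the thread.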